Arbitrary File Upload Vulnerability in IBM Spectrum Protect Plus Administrative Console
CVE-2020-4703

8HIGH

Key Information:

Vendor: IBM
Status: Spectrum Protect Plus
Vendor: CVE Published:; 15 September 2020

Summary

An authenticated attacker could exploit a flaw in the IBM Spectrum Protect Plus Administrative Console, versions 10.1.0 through 10.1.6, allowing them to upload arbitrary files. This could lead to the execution of arbitrary code on the vulnerable server, potentially compromising the integrity and availability of the system. This vulnerability stems from an incomplete fix for a previous issue (CVE-2020-4470) and highlights the importance of robust security measures.

Affected Version(s)

Spectrum Protect Plus 10.1.0

Spectrum Protect Plus 10.1.6

References

https://www.ibm.com/support/pages/node/6328867

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/187188

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2020
Vulnerability Reserved
Dec 30, 2019