Local File Upload Vulnerability in IBM Cloud Pak System
CVE-2020-4928

6.7MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Pak System
Vendor: CVE Published:; 4 January 2021

Summary

The local file upload vulnerability in IBM Cloud Pak System 2.3 permits an attacker with local access to upload arbitrary files. By manipulating the request and altering the file extension, the attacker can execute arbitrary code on the server, potentially leading to severe security breaches. This vulnerability could exploit various attack vectors if not mitigated, emphasizing the need for robust security measures.

Affected Version(s)

Cloud Pak System 2.3

References

https://www.ibm.com/support/pages/node/6393554

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191705

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2021
Vulnerability Reserved
Dec 30, 2019