Local File Upload Vulnerability in IBM Cloud Pak System
CVE-2020-4928

6.7MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
4 January 2021

Summary

The local file upload vulnerability in IBM Cloud Pak System 2.3 permits an attacker with local access to upload arbitrary files. By manipulating the request and altering the file extension, the attacker can execute arbitrary code on the server, potentially leading to severe security breaches. This vulnerability could exploit various attack vectors if not mitigated, emphasizing the need for robust security measures.

Affected Version(s)

Cloud Pak System 2.3

References

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.