CVE-2020-4703
8
CVSS:3.0/PR:L/C:H/UI:R/I:H/AV:N/S:U/AC:L/A:H/RL:O/RC:C/E:U
Summary
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Spectrum Protect Plus | 10.1.0 | affected |
| IBM | Spectrum Protect Plus | 10.1.6 | affected |
Weaknesses
- Gain Privileges
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6328867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/187188
References
- https://www.ibm.com/support/pages/node/6328867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/187188
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.