CVE-2020-4469 — IBM Spectrum Protect Plus vulnerability

4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

28.2%

top 3.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Protect Plus

Timeline

PublishedJun 15

Latest updateMay 24

Description

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/spectrum_protect_plus10.1.0 — 10.1.5

▶CVEListV5ibm/spectrum_protect_plus10.1.0, 10.1.5+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5pwc-mh67-m6xf: IBM Spectrum Protect Plus 10↗2022-05-24

▶

CVEList

CVE-2020-4469: IBM Spectrum Protect Plus 10↗2020-06-15

▶

💬Community

Bugzilla

CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c↗2020-04-14

▶