CVE-2020-4928 — Unrestricted File Upload in IBM Cloud PAK System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 79.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK System

Timeline

PublishedJan 4

Latest updateMay 24

Description

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/cloud_pak_system2.3.0.0 — 2.3.3.3

▶CVEListV5ibm/cloud_pak_system2.3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-j684-c6q4-x85p: IBM Cloud Pak System 2↗2022-05-24

▶

CVEList

CVE-2020-4928: IBM Cloud Pak System 2↗2021-01-04

▶