CVE-2020-4955

Severity: 8.0 HIGH
EPSS: 1.2% (top 20.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 15; Latest update May 24

Description

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9

Affected Packages (2 packages)

NVD: ibm/spectrum_protect_operations_center 7.1.0.000 7.1.13.000 +1

Patches

Vulnerability Details (2)

GHSA: GHSA-jgx4-qxw5-g434: IBM Spectrum Protect Operations Center 7 (2022-05-24)
CVEList: CVE-2020-4955: IBM Spectrum Protect Operations Center 7 (2021-02-15)