CVE-2020-4955

Published: Feb 15, 2021Modified: Nov 21, 2024

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.

Affected (2)

Products: Ibm: Spectrum Protect Operations Center

1 product

Spectrum Protect Operations Center

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Spectrum Protect Operations Center	From 7.1.0.000 to 7.1.13.000
Ibm Spectrum Protect Operations Center	From 8.1.0.000 to 8.1.10.200

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/192155

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6404966

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/192155

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6404966

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.