8

CVE-2020-4955

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSpectrum Protect Operations Center Version >= 7.1.0.000 < 7.1.13.000
IbmSpectrum Protect Operations Center Version >= 8.1.0.000 < 8.1.10.200
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.453
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8 2.1 5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5.2 5.1 6.4
AV:A/AC:L/Au:S/C:P/I:P/A:P
psirt@us.ibm.com 8 1.3 6
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.ibm.com/support/pages/node/6404966
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/192155
Vendor Advisory
VDB Entry