Описание
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.1.0 (включая) до 10.1.6 (включая)
cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00842
Низкий
8 High
CVSS3
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.
EPSS
Процентиль: 74%
0.00842
Низкий
8 High
CVSS3
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-434