VDB-156762 · CVE-2020-4469 · XFDB 181724

IBM Spectrum Protect Plus up to 10.1.5 Incomplete Fix CVE-2020-4211 command injection

A vulnerability classified as critical has been found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). Affected is an unknown code of the component Incomplete Fix CVE-2020-4211. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	06/16/2020 12:06 PM	10/24/2020 05:56 PM	10/24/2020 06:02 PM
vendor	IBM	IBM	IBM
name	Spectrum Protect Plus	Spectrum Protect Plus	Spectrum Protect Plus
version	10.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.5	10.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.5	10.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.5
component	Incomplete Fix CVE-2020-4211	Incomplete Fix CVE-2020-4211	Incomplete Fix CVE-2020-4211
risk	2	2	2
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	6.8	6.8	6.8
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	7.7	7.7	7.7
cvss3_meta_tempscore	7.7	7.7	7.7
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	7.3	7.3	7.3
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
date	1592179200 (06/15/2020)	1592179200 (06/15/2020)	1592179200 (06/15/2020)
url	https://www.ibm.com/support/pages/node/6221358	https://www.ibm.com/support/pages/node/6221358	https://www.ibm.com/support/pages/node/6221358
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
price_trend	+	+	+
cve	CVE-2020-4469	CVE-2020-4469	CVE-2020-4469
seealso	156763 156764	156763 156764	156763 156764
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss3_vuldb_rc	X	X	X
cvss3_nvd_basescore	8.1	8.1	8.1
type	Backup Software	Backup Software	Backup Software
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	H	H	H
cvss3_nvd_pr	N	N	N
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	H	H	H
cvss3_nvd_i	H	H	H
cvss3_nvd_a	H	H	H
cve_assigned	1577664000	1577664000	1577664000
cve_nvd_summary	IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724.	IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724.	IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724.
cwe	77 (privilege escalation)	77 (privilege escalation)	77 (privilege escalation)
confirm_url		https://www.ibm.com/support/pages/node/6221358	https://www.ibm.com/support/pages/node/6221358
xforce		181724	181724
cve_cna			IBM Corporation

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!