IBM Spectrum Protect Plus up to 10.1.5 Incomplete Fix CVE-2020-4211 command injection


A vulnerability classified as critical has been found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). It affects unknown code in the component Incomplete Fix CVE-2020-4211. No information about possible countermeasures is known. Replacing the affected object with an alternative product may be advisable.

| Field | 06/16/2020 12:06 PM | 10/24/2020 05:56 PM | 10/24/2020 06:02 PM |
|---|---|---|---|
| vendor | IBM | IBM | IBM |
| name | Spectrum Protect Plus | Spectrum Protect Plus | Spectrum Protect Plus |
| version | 10.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.5 | 10.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.5 | 10.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.5 |
| component | Incomplete Fix CVE-2020-4211 | Incomplete Fix CVE-2020-4211 | Incomplete Fix CVE-2020-4211 |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 7.7 | 7.7 | 7.7 |
| cvss3_meta_tempscore | 7.7 | 7.7 | 7.7 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| date | 1592179200 (06/15/2020) | 1592179200 (06/15/2020) | 1592179200 (06/15/2020) |
| url | https://www.ibm.com/support/pages/node/6221358 | https://www.ibm.com/support/pages/node/6221358 | https://www.ibm.com/support/pages/node/6221358 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| price_trend | + | + | + |
| cve | CVE-2020-4469 | CVE-2020-4469 | CVE-2020-4469 |
| seealso | 156763 156764 | 156763 156764 | 156763 156764 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 8.1 | 8.1 | 8.1 |
| type | Backup Software | Backup Software | Backup Software |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | H | H | H |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| cve_assigned | 1577664000 | 1577664000 | 1577664000 |
| cve_nvd_summary | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. |
| cwe | 77 (privilege escalation) | 77 (privilege escalation) | 77 (privilege escalation) |
| confirm_url | | https://www.ibm.com/support/pages/node/6221358 | https://www.ibm.com/support/pages/node/6221358 |
| xforce | | 181724 | 181724 |
| cve_cna | | | IBM Corporation |
