Vulnerability CVE-2020-4955


Published: 2021-02-15

Description:
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:A/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.2/10
6.4/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
IBM -> Spectrum protect operations center 

 References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/192155
https://www.ibm.com/support/pages/node/6404966

Copyright 2024, cxsecurity.com

 

Back to Top