Vulnerability Description
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Spectrum Protect Plus | >= 10.1.0, <= 10.1.5 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/181725VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6221358PatchVendor Advisory
- https://www.tenable.com/security/research/tra-2020-37Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/181725VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6221358PatchVendor Advisory
- https://www.tenable.com/security/research/tra-2020-37Third Party Advisory
FAQ
What is CVE-2020-4470?
CVE-2020-4470 is a vulnerability with a CVSS score of 8.0 (HIGH). IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. I...
How severe is CVE-2020-4470?
CVE-2020-4470 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-4470?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Protect Plus.