Vulnerability Description
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Spectrum Protect Operations Center | >= 7.1.0.000, < 7.1.13.000 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/192155VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6404966PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/192155VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6404966PatchVendor Advisory
FAQ
What is CVE-2020-4955?
CVE-2020-4955 is a vulnerability with a CVSS score of 8.0 (HIGH). IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet req...
How severe is CVE-2020-4955?
CVE-2020-4955 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-4955?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Protect Operations Center.