CVE-2020-4703

EUVD-2020-25950
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
ibmCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/PR:L/C:H/UI:R/I:H/AV:N/S:U/AC:L/A:H/RL:O/RC:C/E:U
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
ibmspectrum_protect_plus
10.1.0 ≤
𝑥
≤ 10.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/187188
https://www.ibm.com/support/pages/node/6328867
https://exchange.xforce.ibmcloud.com/vulnerabilities/187188
https://www.ibm.com/support/pages/node/6328867