Published: 15/09/2020 Updated: 16/09/2020
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

The Administrative Console in IBM Spectrum Protect Plus 10.1.0 up to and including 10.1.6 could allow an authenticated malicious user to upload arbitrary files, which could then be used to execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.

Recent Articles

IBM Spectrum Protect Plus Security Open to RCE
Threatpost • Lindsey O'Donnell • 15 Sep 2020

IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue’s security tool found under the umbrella of its Spectrum data storage software branding. The flaws can be exploited by remote attackers to execute code on vulnerable systems.
IBM Spectrum Protect Plus is a data-protection solution that provides near-instant recovery, replication, reuse and self-service for virtual machines. The vulnerabilities (CVE-2020-4703 and CVE-2020-4711) affect versions 10.1.0 through 10.1....