Vulnerability Details CVE-2020-4470
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.2%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 6.0
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/181725
- https://www.ibm.com/support/pages/node/6221358
- https://www.tenable.com/security/research/tra-2020-37
- https://exchange.xforce.ibmcloud.com/vulnerabilities/181725
- https://www.ibm.com/support/pages/node/6221358
- https://www.tenable.com/security/research/tra-2020-37
Products affected by CVE-2020-4470
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.0
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1.142
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.209
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.219
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.247
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.271
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.303
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.350
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3.236
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3.286
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.145
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.179
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.222
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.254
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.277
-
cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5