CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 0CVE-2020-4241 – IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4241
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175418 https://www.ibm.com/support/pages/node/6114130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 0CVE-2020-4242 – IBM Spectrum Protect Plus uploadLdapCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4242
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 https://www.ibm.com/support/pages/node/6114130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •