CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4209 – IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-4209
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. IBM Spectrum Protect Plus versiones10.1.0 hasta la versión 10.1.5, podría permitir a un atacante remoto saltar directorios del sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (/../) para crear archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175019 https://www.ibm.com/support/pages/node/6116488 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 0CVE-2020-4242 – IBM Spectrum Protect Plus uploadLdapCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4242
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 https://www.ibm.com/support/pages/node/6114130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 27%CPEs: 1EXPL: 0CVE-2020-4206 – IBM Spectrum Protect Plus timezone Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4206
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto ejecutar comandos arbitrarios sobre el sistema en el contexto del usuario root, causado por una comprobación inapropiada de la entrada suministrada por el usuario. ID de IBM X-Force: 174966. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. • https://exchange.xforce.ibmcloud.com/vulnerabilities/174966 https://www.ibm.com/support/pages/node/6114130 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4214 – IBM Spectrum Protect Plus cleanupUpdateImage Arbitrary Directory Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2020-4214
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto eliminar arbitrariamente un directorio, causado por una comprobación inapropiada de la entrada suministrada por el usuario. ID de IBM X-Force: 175026. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of IBM Spectrum Protect Plus. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175026 https://www.ibm.com/support/pages/node/6114130 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4703
https://notcve.org/view.php?id=CVE-2019-4703
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. IBM Spectrum Protect Plus versiones 10.1.0 y 10.5.0, cuando protege a Microsoft SQL o Microsoft Exchange, podría permitir a un atacante con un conocimiento intimo del sistema obtener información altamente confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172013 https://www.ibm.com/support/pages/node/3177915 •