CVE-2020-4209
IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal File Creation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019.
IBM Spectrum Protect Plus versiones10.1.0 hasta la versión 10.1.5, podría permitir a un atacante remoto saltar directorios del sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (/../) para crear archivos arbitrarios en el sistema. IBM X-Force ID: 175019.
This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the Administrative Console Framework service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of an administrator.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-30 CVE Reserved
- 2020-03-31 CVE Published
- 2024-04-06 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.ibm.com/support/pages/node/6116488 | 2020-05-08 |
URL | Date | SRC |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/175019 | 2020-05-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Spectrum Protect Plus Search vendor "Ibm" for product "Spectrum Protect Plus" | >= 10.1.0 <= 10.1.5 Search vendor "Ibm" for product "Spectrum Protect Plus" and version " >= 10.1.0 <= 10.1.5" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|