CVE-2021-39065
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function. A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.
Timeline
- 2021-08-16 CVE Reserved
- 2021-12-13 CVE Published
- 2024-03-03 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References (2)
URL | Date | SRC |
---|---|---|
https://www.ibm.com/support/pages/node/6525554 | 2022-07-12 |
https://exchange.xforce.ibmcloud.com/vulnerabilities/214958 | 2022-07-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Ibm | Spectrum Copy Data Management | <= 2.2.13 | - | Affected | in | Linux | Linux Kernel | - | - | Safe |