First published: Mon Mar 30 2020
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Spectrum Protect Plus | >=10.1.0 <=10.1.5 | |
Linux Linux kernel | | |
| <=10.1.0-10.1.5 | |
The severity of CVE-2020-4209 is rated as medium with a CVSS score of 5.4.
An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to exploit CVE-2020-4209 and create arbitrary files on the system.
To prevent exploitation of CVE-2020-4209, apply the necessary security updates provided by IBM.
Yes, IBM Spectrum Protect Plus 10.1.5 is affected by CVE-2020-4209 and could allow a remote attacker to traverse directories on the system.