CVE-2020-4703: Malicious File Upload
First published: Tue Sep 15 2020(Updated: )
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | >=10.1.0<=10.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security vulnerability?
The vulnerability ID for this security vulnerability is CVE-2020-4703.
What is the severity of CVE-2020-4703?
The severity of CVE-2020-4703 is high, with a severity value of 8.
What is the affected software for CVE-2020-4703?
The affected software for CVE-2020-4703 is IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6.
How does CVE-2020-4703 impact the vulnerable server?
CVE-2020-4703 allows an authenticated attacker to upload arbitrary files and execute arbitrary code on the vulnerable server.
Is there a patch or fix available for CVE-2020-4703?
Yes, a fix for CVE-2020-4703 is available. Please refer to the IBM support page for more information.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0
- version/ibm spectrum protect plus/10.1.6