CVE-2020-4711: Path Traversal
First published: Tue Sep 15 2020(Updated: )
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | >=10.1.0<=10.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for IBM Spectrum Protect Plus?
The vulnerability ID for IBM Spectrum Protect Plus is CVE-2020-4711.
What is the severity of CVE-2020-4711?
The severity of CVE-2020-4711 is medium.
How does CVE-2020-4711 impact IBM Spectrum Protect Plus?
CVE-2020-4711 allows a remote attacker to traverse directories on the system and view arbitrary files.
What versions of IBM Spectrum Protect Plus are affected by CVE-2020-4711?
Versions 10.1.0 through 10.1.6 of IBM Spectrum Protect Plus are affected by CVE-2020-4711.
Is there a fix available for CVE-2020-4711?
Yes, IBM has provided a fix for CVE-2020-4711. Please refer to IBM's support page for more information.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0
- version/ibm spectrum protect plus/10.1.6