CVE-2020-4928: Malicious File Upload
First published: Tue Nov 17 2020(Updated: )
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak System | >=2.3.0.0<2.3.3.3 | |
| <=2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-4928?
CVE-2020-4928 is a vulnerability in IBM Cloud Pak System 2.3 that allows a local privileged attacker to upload arbitrary files and execute arbitrary code on the server.
What is the severity of CVE-2020-4928?
The severity of CVE-2020-4928 is medium with a CVSS score of 6.7.
How can a local privileged attacker exploit CVE-2020-4928?
A local privileged attacker can exploit CVE-2020-4928 by intercepting the request and modifying the file extension to upload arbitrary files and execute arbitrary code on the server.
Which versions of IBM Cloud Pak System are affected by CVE-2020-4928?
IBM Cloud Pak System versions up to and including 2.3.3.3 are affected by CVE-2020-4928.
How can I fix CVE-2020-4928 in IBM Cloud Pak System?
To fix CVE-2020-4928 in IBM Cloud Pak System, update to a version above 2.3.3.3 or apply the necessary patches provided by IBM.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm cloud pak system
- version/ibm cloud pak system/2.3.0.0
- version/ibm cloud pak system/2.3