Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM31338194CFFB21A8D792EC0891A93A20D5EA690FA540B623C5E2FEB658219248
HistoryOct 28, 2020 - 5:38 p.m.

Security Bulletin: Embedded WebSphere Application Server is vulnerable to a remote command execution vulnerability affects Content Collector for Email

2020-10-2817:38:58
www.ibm.com
13
ibm
websphere
application server
content collector
email
vulnerability
remote command execution
elevated privileges
unc paths
ibm x-force
cve-2020-4534
cvss
content collector for email 4.0.1
interim fix if007

EPSS

0

Percentile

5.1%

JSON

Summary

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808

Vulnerability Details

CVEID:CVE-2020-4534
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182808 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Content Collector for Email 4.0.1

Remediation/Fixes

Product VRM Remediation
Content Collector for Email 4.0.1 Use Content Collector for Email 4.0.1.9 Interim Fix IF007

Workarounds and Mitigations

None

Related

ibm 31
cve 1
nvd 1
nessus 1
prion 1
cvelist 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4534)
2020-07-31 22:58:52
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4534)
2022-09-14 15:28:14
Security Bulletin: A security vulnerability has been identified in WebSphereยฎ Application Server shipped with IBMยฎ Intelligent Operations Center (CVE-2020-4534)
2020-08-19 17:51:47
cve
cve
CVE-2020-4534
2020-08-03 13:15:11
nvd
nvd
CVE-2020-4534
2020-08-03 13:15:11
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.17 / 9.0.x <= 9.0.5.4 RCE (6255074)
2020-09-09 00:00:00
prion
prion
Code injection
2020-08-03 13:15:00
cvelist
cvelist
CVE-2020-4534
2020-08-03 12:35:38

EPSS

0

Percentile

5.1%

JSON
Related for 31338194CFFB21A8D792EC0891A93A20D5EA690FA540B623C5E2FEB658219248
ibm31cve1nvd1nessus1prion1cvelist1