iBase file uploads does not restrict the file type to be uploaded. This issue has been addressed.
CVEID:CVE-2020-4588
**DESCRIPTION:**IBM i2 iBase could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184579 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i2 iBase | All |
IBM i2 iBase | 8.9.13 |
This was addressed in iBase 9. Please refer to your Passport Advantage account for upgrades
None