6 matches found
IBM Spectrum Protect Plus File Upload RCE
The IBM Spectrum Protect Plus SPP administrative console running on the remote host is affected by a remote code execution vulnerability due to the fact that it allows remote installation of console plugins. An unauthenticated, remote attacker can exploit this and CVE-2020-4711 together, via...
IBM Spectrum Protect Plus Directory Traversal (CVE-2020-4711)
A directory traversal vulnerability exists in IBM Spectrum Protect Plus. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information from the affected server...
CVE-2020-4711
creationtimestamp| type| source ---|---|--- 2020-09-15 22:09:22+00:00| seen| https://t.me/cibsecurity/14673...
IBM Spectrum Protect Plus Security Open to RCE
IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue’s security tool found under the umbrella of its Spectrum data storage software branding. The flaws can be exploited by remote attackers to execute code on vulnerable systems. IBM Spectrum Protect Plus is a data-protection...
CVE-2020-4711
CVE-2020-4711 affects IBM Spectrum Protect Plus 10.1.0–10.1.6. The issue is a directory traversal vulnerability in a script (restore_wrapper.sh) accessed via the unauthenticated endpoint /catalogmanager/api/catalog (cmode=restorefromjob). A missing/ bypassable path check allows an unauthenticated...
Security Bulletin: Directory Traversal and Execution of Arbitrary Code vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4711, CVE-2020-4703)
Summary IBM Spectrum Protect Plus is vulnerable to directory traversal and execution of arbitrary code on the system. Vulnerability Details CVEID: CVE-2020-4711 DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to traverse directories on the system. An attacker could send a...