3 matches found
IBM Spectrum Protect Plus Command Injection (CVE-2020-4206)
A command injection vulnerability exists in IBM Spectrum Protect Plus. The vulnerability is due to a lack of input validation in the Administrative Console service when parsing the timezone parameter...
Security Bulletin: Authentication Bypass, Arbitrary Directory Deletion, and Command Injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4208, CVE-2020-4214, CVE-2020-4206, CVE-2020-4241, CVE-2020-4242)
Summary IBM Spectrum Protect Plus is vulnerable to authentication bypass, arbitrary directory deletion, and command injection which allows a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2020-4208 DESCRIPTION: IBM Spectrum Protect Plus contains hard-cod...
CVE-2020-4206
CVE-2020-4206 affects IBM Spectrum Protect Plus 10.1.0–10.1.5. A remote attacker can execute arbitrary commands as root due to improper validation of user-supplied input. This is supported by multiple sources in the connected set (IBM X-Force, IBM security bulletin). Remediation per the IBM bulle...