3 matches found
Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4469, CVE-2020-4471, CVE-2020-4470)
Summary Multiple vulnerabilities in IBM Spectrum Protect Plus could allow a remote attacker to executive arbitrary code on the system, cause a denial or service, or hijack DNS sessions. Vulnerability Details CVEID: CVE-2020-4469 DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker...
CVE-2020-4469
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix...
CVE-2020-4469
IBM Spectrum Protect Plus 10.1.0–10.1.5 is affected by a remote code execution via hostname command injection. The issue stems from improper validation of the hostname parameter in the HTTP request to the Administrative Console Framework, allowing unauthenticated, remote attackers to execute arbi...