3 matches found
IBM Spectrum Protect Plus Security Open to RCE
IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue’s security tool found under the umbrella of its Spectrum data storage software branding. The flaws can be exploited by remote attackers to execute code on vulnerable systems. IBM Spectrum Protect Plus is a data-protection...
CVE-2020-4703
CVE-2020-4703 affects IBM Spectrum Protect Plus 10.1.0–10.1.6 (Administrative Console). The issue allows an authenticated attacker to upload arbitrary files, which could be used to execute arbitrary code on the vulnerable server. It stems from an incomplete fix for CVE-2020-4470. Exploitation req...
Security Bulletin: Directory Traversal and Execution of Arbitrary Code vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4711, CVE-2020-4703)
Summary IBM Spectrum Protect Plus is vulnerable to directory traversal and execution of arbitrary code on the system. Vulnerability Details CVEID: CVE-2020-4711 DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to traverse directories on the system. An attacker could send a...