Multiple vulnerabilities in IBM Spectrum Protect Plus
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2020-4213 CVE-2020-4222 CVE-2020-4212 CVE-2020-4211 CVE-2020-4210 CVE-2019-4703 |
| CWE-ID | CWE-77 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Spectrum Protect Plus Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
Updated 03.04.2020
Added vulnerability #6
1) Command Injection
EUVDB-ID: #VU25800
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-4213
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "username" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.2.0:*:*:*:*:*:*:*
https://exchange.xforce.ibmcloud.com/vulnerabilities/175024
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-270/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Command Injection
EUVDB-ID: #VU25799
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-4222
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "password" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.2.0:*:*:*:*:*:*:*
https://exchange.xforce.ibmcloud.com/vulnerabilities/175091
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-271/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Command Injection
EUVDB-ID: #VU25798
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-4212
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hfpackage" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.2.0:*:*:*:*:*:*:*
https://exchange.xforce.ibmcloud.com/vulnerabilities/175023
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-272/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Command Injection
EUVDB-ID: #VU25797
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-4211
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hostname" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.2.0:*:*:*:*:*:*:*
https://exchange.xforce.ibmcloud.com/vulnerabilities/175022
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-273/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Command Injection
EUVDB-ID: #VU25796
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-4210
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service in the "changeAdministratorPassword" functionality due to improper validation of a user-supplied string before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.2.0:*:*:*:*:*:*:*
https://exchange.xforce.ibmcloud.com/vulnerabilities/175020
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-274/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU26560
Risk: Low
CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-4703
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the user id and password may be exposed when protecting Microsoft SQL or Microsoft Exchange. A remote attacker on the local network with intimate knowledge of the system can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.2.0:*:*:*:*:*:*:*
https://exchange.xforce.ibmcloud.com/vulnerabilities/172013
https://www.ibm.com/support/pages/node/3177915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
