Multiple vulnerabilities in IBM Spectrum Protect Plus



| Updated: 2020-04-03
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2020-4213
CVE-2020-4222
CVE-2020-4212
CVE-2020-4211
CVE-2020-4210
CVE-2019-4703
CWE-ID CWE-77
CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
IBM Spectrum Protect Plus
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

Updated 03.04.2020
Added vulnerability #6

1) Command Injection

EUVDB-ID: #VU25800

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-4213

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "username" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0

CPE2.3 External links

https://exchange.xforce.ibmcloud.com/vulnerabilities/175024
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-270/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command Injection

EUVDB-ID: #VU25799

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-4222

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "password" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0

CPE2.3 External links

https://exchange.xforce.ibmcloud.com/vulnerabilities/175091
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-271/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Command Injection

EUVDB-ID: #VU25798

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-4212

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hfpackage" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0

CPE2.3 External links

https://exchange.xforce.ibmcloud.com/vulnerabilities/175023
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-272/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Command Injection

EUVDB-ID: #VU25797

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-4211

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hostname" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0

CPE2.3 External links

https://exchange.xforce.ibmcloud.com/vulnerabilities/175022
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-273/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Command Injection

EUVDB-ID: #VU25796

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-4210

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service in the "changeAdministratorPassword" functionality due to improper validation of a user-supplied string before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0

CPE2.3 External links

https://exchange.xforce.ibmcloud.com/vulnerabilities/175020
https://www.ibm.com/support/pages/node/3178863
https://www.zerodayinitiative.com/advisories/ZDI-20-274/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU26560

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-4703

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the user id and password may be exposed when protecting Microsoft SQL or Microsoft Exchange. A remote attacker on the local network with intimate knowledge of the system can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0

CPE2.3 External links

https://exchange.xforce.ibmcloud.com/vulnerabilities/172013
https://www.ibm.com/support/pages/node/3177915


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###