Multiple vulnerabilities in IBM Spectrum Protect Plus
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2020-4213 CVE-2020-4222 CVE-2020-4212 CVE-2020-4211 CVE-2020-4210 CVE-2019-4703 |
| CWE-ID | CWE-77 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
IBM Spectrum Protect Plus Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
Updated 03.04.2020
Added vulnerability #6
1) Command Injection
EUVDB-ID: #VU25800
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4213
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "username" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.5.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://exchange.xforce.ibmcloud.com/vulnerabilities/175024
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-270/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Command Injection
EUVDB-ID: #VU25799
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4222
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "password" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.5.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://exchange.xforce.ibmcloud.com/vulnerabilities/175091
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-271/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Command Injection
EUVDB-ID: #VU25798
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4212
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hfpackage" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.5.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://exchange.xforce.ibmcloud.com/vulnerabilities/175023
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-272/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Command Injection
EUVDB-ID: #VU25797
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4211
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hostname" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.5.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://exchange.xforce.ibmcloud.com/vulnerabilities/175022
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-273/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Command Injection
EUVDB-ID: #VU25796
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4210
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service in the "changeAdministratorPassword" functionality due to improper validation of a user-supplied string before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.5.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://exchange.xforce.ibmcloud.com/vulnerabilities/175020
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-274/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU26560
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-4703
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the user id and password may be exposed when protecting Microsoft SQL or Microsoft Exchange. A remote attacker on the local network with intimate knowledge of the system can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
CPE2.3
- cpe:2.3:a:ibm_corporation:ibm_spectrum_protect_plus:10.1.5.0:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://exchange.xforce.ibmcloud.com/vulnerabilities/172013
http://www.ibm.com/support/pages/node/3177915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
