Multiple vulnerabilities in IBM Spectrum Protect Plus



Published: 2020-03-06 | Updated: 2020-04-03
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2020-4213
CVE-2020-4222
CVE-2020-4212
CVE-2020-4211
CVE-2020-4210
CVE-2019-4703
CWE-ID CWE-77
CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
IBM Spectrum Protect Plus
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

Updated 03.04.2020
Added vulnerability #6

1) Command Injection

EUVDB-ID: #VU25800

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4213

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "username" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0


CPE2.3 External links

http://exchange.xforce.ibmcloud.com/vulnerabilities/175024
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-270/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command Injection

EUVDB-ID: #VU25799

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4222

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "password" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0


CPE2.3 External links

http://exchange.xforce.ibmcloud.com/vulnerabilities/175091
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-271/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Command Injection

EUVDB-ID: #VU25798

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4212

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hfpackage" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0


CPE2.3 External links

http://exchange.xforce.ibmcloud.com/vulnerabilities/175023
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-272/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Command Injection

EUVDB-ID: #VU25797

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4211

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hostname" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0


CPE2.3 External links

http://exchange.xforce.ibmcloud.com/vulnerabilities/175022
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-273/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Command Injection

EUVDB-ID: #VU25796

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4210

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service in the "changeAdministratorPassword" functionality due to improper validation of a user-supplied string before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0


CPE2.3 External links

http://exchange.xforce.ibmcloud.com/vulnerabilities/175020
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-274/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU26560

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-4703

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the user id and password may be exposed when protecting Microsoft SQL or Microsoft Exchange. A remote attacker on the local network with intimate knowledge of the system can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0


CPE2.3 External links

http://exchange.xforce.ibmcloud.com/vulnerabilities/172013
http://www.ibm.com/support/pages/node/3177915

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###