Risk | High |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2020-4213 CVE-2020-4222 CVE-2020-4212 CVE-2020-4211 CVE-2020-4210 CVE-2019-4703 |
CWE-ID | CWE-77 CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
IBM Spectrum Protect Plus Server applications / Other server solutions |
Vendor | IBM Corporation |
This security bulletin contains information about 6 vulnerabilities.
Updated 03.04.2020
Added vulnerability #6
EUVDB-ID: #VU25800
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4213
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "username" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
http://exchange.xforce.ibmcloud.com/vulnerabilities/175024
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-270/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU25799
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4222
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "password" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
http://exchange.xforce.ibmcloud.com/vulnerabilities/175091
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-271/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU25798
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4212
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hfpackage" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
http://exchange.xforce.ibmcloud.com/vulnerabilities/175023
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-272/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU25797
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4211
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service due to improper validation of a user-supplied string in the "hostname" parameter before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
http://exchange.xforce.ibmcloud.com/vulnerabilities/175022
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-273/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU25796
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4210
CWE-ID:
CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists within the Administrative Console Framework service in the "changeAdministratorPassword" functionality due to improper validation of a user-supplied string before using it to execute a system call. A remote attacker can send a specially crafted HTTP command and execute arbitrary command on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
http://exchange.xforce.ibmcloud.com/vulnerabilities/175020
http://www.ibm.com/support/pages/node/3178863
http://www.zerodayinitiative.com/advisories/ZDI-20-274/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU26560
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-4703
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the user id and password may be exposed when protecting Microsoft SQL or Microsoft Exchange. A remote attacker on the local network with intimate knowledge of the system can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Plus: 10.1.0.0 - 10.1.5.0
http://exchange.xforce.ibmcloud.com/vulnerabilities/172013
http://www.ibm.com/support/pages/node/3177915
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.