github - ghsa-jgx4-qxw5-g434

ghsa-jgx4-qxw5-g434

Vulnerability from github

Published

2022-05-24 17:42

Modified

2022-05-24 17:42

Details

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-4955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-15T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.",
  "id": "GHSA-jgx4-qxw5-g434",
  "modified": "2022-05-24T17:42:14Z",
  "published": "2022-05-24T17:42:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4955"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6404966"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2020-4955

Vulnerability from cvelistv5

Published

2021-02-15 15:05

Modified

2024-09-17 02:31

Severity

8.0 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.

References

URL	Tags
https://www.ibm.com/support/pages/node/6404966	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/192155	vdb-entry, x_refsource_XF

Impacted products

Vendor	Product
IBM	Spectrum Protect Operations Center

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6404966"
          },
          {
            "name": "ibm-spectrum-cve20204955-code-exec (192155)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spectrum Protect Operations Center",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1"
            },
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "8.1.10.100"
            },
            {
              "status": "affected",
              "version": "7.1.12"
            }
          ]
        }
      ],
      "datePublic": "2021-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:H/S:C/A:H/AC:H/PR:L/UI:N/AV:A/I:H/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-15T15:06:11",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6404966"
        },
        {
          "name": "ibm-spectrum-cve20204955-code-exec (192155)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-12T00:00:00",
          "ID": "CVE-2020-4955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spectrum Protect Operations Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1"
                          },
                          {
                            "version_value": "7.1"
                          },
                          {
                            "version_value": "8.1.10.100"
                          },
                          {
                            "version_value": "7.1.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "A",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6404966",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
              "url": "https://www.ibm.com/support/pages/node/6404966"
            },
            {
              "name": "ibm-spectrum-cve20204955-code-exec (192155)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4955",
    "datePublished": "2021-02-15T15:05:20.081987Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T02:31:23.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.