CVE-2020-4211

CVSS 9.8 CRITICAL | EPSS 71.1%
In short

IBM Spectrum Protect Plus versions 10.1.0 and 10.1.5 contain a flaw that allows attackers to run any code they want on the system by sending a specially crafted HTTP request. This is critical because it gives complete control of the affected server to an attacker.

Technical detail

CVE-2020-4211 is a remote code execution vulnerability in IBM Spectrum Protect Plus 10.1.0 and 10.1.5 exploitable via maliciously crafted HTTP commands without requiring authentication. The vulnerability allows unauthenticated remote attackers to execute arbitrary system commands with the privileges of the application, resulting in complete system compromise.

Summary generated and translated by AI from the official description.
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022.
CVSS:3.0/A:H/S:U/C:H/UI:N/I:H/AV:N/PR:N/AC:L/RC:C/E:U/RL:O
