CVE-2020-4627

CRITICAL

IBM Cloud Pak for Security <1.3.0.1 - Command Injection

Title source: llm

Description

IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6372538

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/185367

Scores

CVSS v3 9.0

EPSS 0.0089

EPSS Percentile 75.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

ibm/cloud_pak_for_security 1.3.0.1

Published Nov 30, 2020

Tracked Since Feb 18, 2026