CVE-2020-4955
HIGHIBM Spectrum Protect Operations Center - Unrestricted File Upload
Title source: ruleDescription
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6404966
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/192155
Scores
CVSS v3
8.0
EPSS
0.0124
EPSS Percentile
79.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
ibm/spectrum_protect_operations_center
7.1.0.000 - 7.1.13.000
Published
Feb 15, 2021
Tracked Since
Feb 18, 2026