CVE-2020-4210

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Plus versions 10.1.0 through 10.1.5

Description The issue is related to the Administrative Console Framework of IBM Spectrum Protect Plus, where a lack of neutralization of special elements used in an operating system command can be exploited. This can allow a remote attacker to execute arbitrary code on the system by using a specially crafted HTTP command.

Recommendations For versions 10.1.0 through 10.1.5, update to a version that includes the fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to the changeAdministratorPassword command to minimize the risk of exploitation.