PT-2020-18059 · Ibm · Ibm Spectrum Protect

Published

2020-04-23

Updated

2021-07-21

CVE-2020-4415

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect versions 7.1 through 7.1.10 IBM Spectrum Protect versions 8.1.0 through 8.1.9.2

Description The issue is caused by improper bounds checking, leading to a stack-based buffer overflow. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server, or cause the Spectrum Protect server to crash.

Recommendations For IBM Spectrum Protect versions 7.1 through 7.1.10, update to a version outside of this range to resolve the issue. For IBM Spectrum Protect versions 8.1.0 through 8.1.9.2, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Spectrum Protect server to minimize the risk of exploitation.

Fix

Memory Corruption

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-20

Related Identifiers

CVE-2020-4415

Affected Products

Ibm Spectrum Protect

PT-2020-18059 · Ibm · Ibm Spectrum Protect

CVE-2020-4415

Weakness Enumeration

Related Identifiers

Affected Products

References · 6