CVE-2020-4928

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak System version 2.3

Description A local privileged attacker could upload arbitrary files to the server. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server.

Recommendations For IBM Cloud Pak System version 2.3, consider restricting file uploads or modifying the file extension validation to prevent arbitrary code execution until a patch is available. As a temporary workaround, consider disabling the file upload feature to minimize the risk of exploitation.