PT-2021-12252 · IBM · IBM Spectrum Protect Operations Center

Published: 2021-02-15 · Updated: 2021-02-17 · CVE-2020-4955

CVSS v3.1: 8.0 (High)

Vector: C:H/S:C/A:H/AC:H/PR:L/UI:N/AV:A/I:H

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Operations Center versions 7.1 through 8.1

Description: The issue is caused by improper parameter validation, allowing a remote attacker to execute arbitrary code on the system. An attacker could exploit this by creating an unspecified servlet request with specially crafted input parameters to load a malicious .dll with elevated privileges.

Recommendations: For versions 7.1 and 8.1, consider disabling the servlet request functionality until a patch is available to prevent exploitation. Restrict access to the system to minimize the risk of loading malicious .dll files with elevated privileges.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-4955

Affected Products

IBM Spectrum Protect Operations Center