SB2020040304 - Multiple vulnerabilities in IBM Spectrum Protect Plus and IBM Spectrum Scale

Security Bulletin ID SB2020040304

Severity

High

Patch available

YES

Number of vulnerabilities 7

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Command Injection (CVE-ID: CVE-2020-4206)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to the process does not properly validate a user-supplied string before using it to execute a system call when parsing the "timezone" parameter. A remote authenticated attacker can send a specially crafted request and execute arbitrary commands on the system in the context of root.

2) Use of hard-coded credentials (CVE-ID: CVE-2020-4208)

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists within the Administrative Console Framework service due to the service uses a hard-coded password as the current password while resetting the password of the serveradmin user. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Input validation error (CVE-ID: CVE-2020-4214)

The vulnerability allows a remote attacker to delete arbitrary directories.

The vulnerability exists due to insufficient validation of user-supplied input via "cleanupUpdateImage" in the Administrative Console Framework service. A remote attacker can pass specially crafted input to the application and delete arbitrary directories on the target system.

4) OS Command Injection (CVE-ID: CVE-2020-4242)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to the "uploadLdapCertificate" method does not properly validate a user-supplied string before using it to execute a system call when parsing the "filename" parameter. A remote authenticated attacker can send a specially crafted request and execute arbitrary commands on the system.

5) Command Injection (CVE-ID: CVE-2020-4241)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists within the Administrative Console Framework service due to the "uploadHttpsCertificate" method does not properly validate a user-supplied string before using it to execute a system call when parsing the "filename" parameter. A remote authenticated attacker can send a specially crafted request and execute arbitrary commands on the system.

6) Path traversal (CVE-ID: CVE-2020-4240)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists within the Administrative Console Framework service due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and overwrite or create arbitrary files on the system

7) Path traversal (CVE-ID: CVE-2020-4209)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in uploadLdapCertificate and uploadHttpsCertificate. A remote authenticated user can send a specially crafted HTTP request and create arbitrary files on the system.

Remediation

Install update from vendor's website.

SB2020040304 - Multiple vulnerabilities in IBM Spectrum Protect Plus and IBM Spectrum Scale

Breakdown by Severity

Description

Remediation

References

Please verify you're human