CVE-2020-4955 HIGH

CVE-2020-4955

Vendor Ibm
Product Spectrum Protect Operations Center
Published February 15, 2021
Last update September 17, 2024

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/C:H/S:C/A:H/AC:H/PR:L/UI:N/AV:A/I:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.

Key dates

02Disclosure timeline

February 15, 2021 CVE published
September 17, 2024 Record updated