Vulnerability Details : CVE-2020-4415
IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990.
Vulnerability category: OverflowMemory CorruptionInput validationExecute code
Exploit prediction scoring system (EPSS) score for CVE-2020-4415
Probability of exploitation activity in the next 30 days: 1.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-4415
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
IBM Corporation |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-4415
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-4415
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/179990
IBM Spectrum Protect buffer overflow CVE-2020-4415 Vulnerability ReportVDB Entry;Vendor Advisory
-
https://www.ibm.com/support/pages/node/6195706
Security Bulletin: Stack-based Buffer Overflow vulnerability in IBM Spectrum Protect ServerPatch;Vendor Advisory
Products affected by CVE-2020-4415
- cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*