CVE-2020-4415 - OpenCVE

IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Spectrum Protect

Configuration 1 [-]

OR	cpe:2.3:a:ibm:spectrum_protect::::::::
	cpe:2.3:a:ibm:spectrum_protect::::::::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/179990
https://www.ibm.com/support/pages/node/6195706

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2020-04-23T13:10:24.859780Z

Updated: 2024-09-17T00:20:53.086Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4415

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-23T15:15:14.920

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-4415

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spectrum Protect", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.1.0.0"}, {"status": "affected", "version": "7.1.10.0"}, {"status": "affected", "version": "8.1.0.0"}, {"status": "affected", "version": "8.1.9.200"}]}], "datePublic": "2020-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 8.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AC:L/AV:N/S:U/I:H/A:H/C:H/UI:N/E:U/RL:O/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-23T13:10:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6195706"}, {"name": "ibm-spectrum-cve20204415-bo (179990)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179990"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-21T00:00:00", "ID": "CVE-2020-4415", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Protect", "version": {"version_data": [{"version_value": "7.1.0.0"}, {"version_value": "7.1.10.0"}, {"version_value": "8.1.0.0"}, {"version_value": "8.1.9.200"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6195706", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6195706 (Spectrum Protect)", "url": "https://www.ibm.com/support/pages/node/6195706"}, {"name": "ibm-spectrum-cve20204415-bo (179990)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179990"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:07:47.616Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6195706"}, {"name": "ibm-spectrum-cve20204415-bo (179990)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179990"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4415", "datePublished": "2020-04-23T13:10:24.859780Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:20:53.086Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "137F1733-3D88-4012-8B60-02D142845868", "versionEndIncluding": "7.1.10.0", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*", "matchCriteriaId": "46649D3C-AF89-4A2B-AB24-FD8841D36528", "versionEndIncluding": "8.1.9.200", "versionStartIncluding": "8.1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990."}, {"lang": "es", "value": "El servidor de IBM Spectrum Protect versiones 7.1 y 8.1, es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria causado por una comprobaci\u00f3n de l\u00edmites inapropiada. Esto podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario en el sistema con los privilegios de un administrador o usuario asociado con el servidor de Spectrum Protect o causar que el servidor de Spectrum Protect se bloquee. ID de IBM X-Force: 179990."}], "id": "CVE-2020-4415", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-23T15:15:14.920", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179990"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6195706"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}