CVE-2020-4627 - Vulnerability Details

Vendors	Products
Ibm	Cloud Pak For Security

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/185367
https://www.ibm.com/support/pages/node/6372538

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Cloud Pak for Security", "vendor": "IBM", "versions": [{"status": "affected", "version": "1.3.0.1"}]}], "datePublic": "2020-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/A:L/PR:L/I:L/AC:L/C:L/AV:N/S:C/RC:C/RL:O/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-30T15:30:30", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6372538"}, {"name": "ibm-cp4s-cve20204627-code-exec (185367)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185367"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-11-25T00:00:00", "ID": "CVE-2020-4627", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Pak for Security", "version": {"version_data": [{"version_value": "1.3.0.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367."}]}, "impact": {"cvssv3": {"BM": {"A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6372538", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6372538 (Cloud Pak for Security)", "url": "https://www.ibm.com/support/pages/node/6372538"}, {"name": "ibm-cp4s-cve20204627-code-exec (185367)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185367"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:07:49.183Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6372538"}, {"name": "ibm-cp4s-cve20204627-code-exec (185367)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185367"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4627", "datePublished": "2020-11-30T15:30:30.188507Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:11:23.082Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Cloud Pak for Security (string)

vendor : IBM (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.3.0.1 (string)

}

]

}

]

datePublic : 2020-11-25T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

exploitCodeMaturity : UNPROVEN (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

remediationLevel : OFFICIAL_FIX (string)

reportConfidence : CONFIRMED (string)

scope : CHANGED (string)

temporalScore : 5.7 (number)

temporalSeverity : MEDIUM (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/UI:R/A:L/PR:L/I:L/AC:L/C:L/AV:N/S:C/RC:C/RL:O/E:U (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Gain Privileges (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-11-30T15:30:30 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.ibm.com/support/pages/node/6372538 (string)

}

1 : { »

name : ibm-cp4s-cve20204627-code-exec (185367) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/185367 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

DATE_PUBLIC : 2020-11-25T00:00:00 (string)

ID : CVE-2020-4627 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Cloud Pak for Security (string)

version : { »

version_data : [ »

0 : { »

version_value : 1.3.0.1 (string)

}

]

}

]

}

vendor_name : IBM (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367. (string)

}

]

}

impact : { »

cvssv3 : { »

BM : { »

A : L (string)

AC : L (string)

AV : N (string)

C : L (string)

I : L (string)

PR : L (string)

S : C (string)

UI : R (string)

}

TM : { »

E : U (string)

RC : C (string)

RL : O (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Gain Privileges (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.ibm.com/support/pages/node/6372538 (string)

refsource : CONFIRM (string)

title : IBM Security Bulletin 6372538 (Cloud Pak for Security) (string)

url : https://www.ibm.com/support/pages/node/6372538 (string)

}

1 : { »

name : ibm-cp4s-cve20204627-code-exec (185367) (string)

refsource : XF (string)

title : X-Force Vulnerability Report (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/185367 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T08:07:49.183Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.ibm.com/support/pages/node/6372538 (string)

}

1 : { »

name : ibm-cp4s-cve20204627-code-exec (185367) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/185367 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2020-4627 (string)

datePublished : 2020-11-30T15:30:30.188507Z (string)

dateReserved : 2019-12-30T00:00:00 (string)

dateUpdated : 2024-09-17T00:11:23.082Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:1.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "68257FAB-5E2B-4948-ABD0-35C6D7504722", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367."}, {"lang": "es", "value": "IBM Cloud Pak for Security versi\u00f3n 1.3.0.1 (CP4S) potencialmente vulnerable a una inyecci\u00f3n CVS.&#xa0;Un atacante remoto podr\u00eda ejecutar comandos arbitrarios en el sistema, provocados por una comprobaci\u00f3n inapropiada del contenido del archivo csv.&#xa0; IBM X-Force ID: 185367"}], "id": "CVE-2020-4627", "lastModified": "2024-11-21T05:33:00.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-30T16:15:13.577", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185367"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6372538"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6372538"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1236"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:cloud_pak_for_security:1.3.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 68257FAB-5E2B-4948-ABD0-35C6D7504722 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367. (string)

}

1 : { »

lang : es (string)

value : IBM Cloud Pak for Security versión 1.3.0.1 (CP4S) potencialmente vulnerable a una inyección CVS. Un atacante remoto podría ejecutar comandos arbitrarios en el sistema, provocados por una comprobación inapropiada del contenido del archivo csv.  IBM X-Force ID: 185367 (string)

}

]

id : CVE-2020-4627 (string)

lastModified : 2024-11-21T05:33:00.740 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:S/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (string)

version : 3.0 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 3.7 (number)

source : psirt@us.ibm.com (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-11-30T16:15:13.577 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : VDB Entry (string)

1 : Vendor Advisory (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/185367 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.ibm.com/support/pages/node/6372538 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : VDB Entry (string)

1 : Vendor Advisory (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/185367 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.ibm.com/support/pages/node/6372538 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-1236 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object