Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM’s Spectrum Protect Plus data-storage protection solution could allow remote code execution.
IBM has issued patches for vulnerabilities in Spectrum Protect Plus, Big Blue’s security tool found under the umbrella of its Spectrum data storage software branding. The flaws can be exploited by remote attackers to execute code on vulnerable systems.
IBM Spectrum Protect Plus is a data-protection solution that provides near-instant recovery, replication, reuse and self-service for virtual machines. The vulnerabilities (CVE-2020-4703 and CVE-2020-4711) affect versions 10.1. through 10.1.6 of IBM Spectrum Protect Plus.
The more serious of the two flaws (CVE-2020-4703) exists in IBM Spectrum Protect Plus’ Administrative Console and could allow an authenticated attacker to upload arbitrary files, which could then be used to execute arbitrary code on the vulnerable server, according to researchers with Tenable, who discovered the flaws, in a Monday advisory. The bug ranks 8 out of 10 on the CVSS scale, making it high-severity.
This vulnerability is due to an incomplete fix for CVE-2020-4470, a high-severity flaw that was previously disclosed in June. An exploit for CVE-2020-4470 involves two operations, Tenable researchers said: “The first operation is to upload a malicious RPM package to a directory writable by the administrator account by sending an HTTP POST message to URL endpoint https://
But IBM’s subsequent fix for CVE-2020-4470 only addressed the second operation by enforcing authentication for the /emi/api/hotfix endpoint. Researchers found it was still possible to upload unauthenticated arbitrary files to a directory writable by the administrator account, under which the endpoint handlers run, paving the way for code execution on vulnerable systems.
“The attacker can put malicious content (i.e., scriptlets) in the RPM and issue a ‘sudo /bin/rpm -ivh /tmp/
The second flaw, CVE-2020-4711, exists in a script (/opt/ECX/tools/scripts/restore_wrapper.sh) within Spectrum Protect Plus. A directory path check within this function can be bypassed via path traversal. An unauthenticated, remote attacker can exploit this issue by sending a specially crafted HTTP request to a specially crafted URL endpoint (https://
That endpoint doesn’t require any authentication (when the cmode parameter is the restorefromjob method). Once the request has been sent, the endpoint handler instead calls a method (com.catalogic.ecx.catalogmanager.area.CatalogManagerServiceImpl.restoreFromJob) without checking for user credentials. The restoreFromJob method then executes the /opt/ECX/tools/scripts/restore_wrapper.sh script as root, allowing the attacker to view arbitrary files on the system.
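The class of bug described for CVE-2020-4711, a directory check that trusts the text of a path, is shown below as an added example; it is not code from the article, from Tenable's advisory or from IBM's restore_wrapper.sh, whose actual check is not shown here. The function names and the temporary directory tree are hypothetical and constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added illustration; hypothetical, not IBM's restore_wrapper.sh.

# Weak check: textual prefix match only. "../" segments and symlinks are
# never resolved, so a path can begin with the allowed directory and still
# point outside it.
weak_check() {
    local base=$1 path=$2
    case "$path" in
        "$base"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Hardened check: canonicalize both paths first, then compare the results.
strict_check() {
    local base=$1 path=$2 real_base real_path
    real_base=$(readlink -f -- "$base") || return 1
    real_path=$(readlink -f -- "$path") || return 1
    case "$real_path" in
        "$real_base"/*) return 0 ;;
        *)              return 1 ;;
    esac
}

# Constructed sample tree: one file inside the allowed directory, one outside.
demo() {
    local tmp base path
    tmp=$(mktemp -d) || return 1
    base=$tmp/allowed
    mkdir "$base"
    : > "$base/job.log"
    : > "$tmp/outside.txt"
    for path in "$base/job.log" "$base/../outside.txt"; do
        weak_check "$base" "$path" && echo "weak:   accept $path" || echo "weak:   reject $path"
        strict_check "$base" "$path" && echo "strict: accept $path" || echo "strict: reject $path"
    done
    rm -rf -- "$tmp"
}

demo
```

Because the script in the article runs as root, a check of the weak kind is the only barrier between the caller and every file on the system; canonicalizing before comparing closes both the `..` case and the symlink case.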
Tenable researchers discovered the flaws on July 31 and reported them to IBM on Aug. 18. IBM released the patches and an advisory disclosing the flaws on Monday. Threatpost has reached out to IBM for further comment.
In recent months, several IBM products have been found to have security vulnerabilities. In August, a shared-memory flaw was discovered in IBM’s next-gen data-management software that researchers said could lead to other threats, as demonstrated by a new proof-of-concept exploit for the bug.
And in April, four serious security vulnerabilities in the IBM Data Risk Manager (IDRM) were identified that can lead to unauthenticated remote code execution (RCE) as root in vulnerable versions, according to analysis, and a proof-of-concept exploit is available.