Lucene search
IBM7EAD2B2D19EEBA1863475FE8BF6EE0792C1EAB518AD414D59B01A6792D453A55HistoryNov 02, 2020 - 7:37 p.m.
Security Bulletin: IBM I2 iBase is vulnerable to unrestricted file upload (CVE-2020-4588)
2020-11-0219:37:12
www.ibm.com
14
ibm i2 ibase
unrestricted file upload
vulnerability
fixed
ibase 9
EPSS
0.001
Percentile
30.2%
Summary
iBase file uploads does not restrict the file type to be uploaded. This issue has been addressed.
Vulnerability Details
CVEID:CVE-2020-4588
**DESCRIPTION:**IBM i2 iBase could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184579 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM i2 iBase | All |
| IBM i2 iBase | 8.9.13 |
Remediation/Fixes
This was addressed in iBase 9. Please refer to your Passport Advantage account for upgrades
Workarounds and Mitigations
None
Related
cvelist
cvelist
CVE-2020-4588
2020-10-30 13:50:16
prion
prion
Design/Logic Flaw
2020-10-30 14:15:00
cve
cve
CVE-2020-4588
2020-10-30 14:15:13
nvd
nvd
CVE-2020-4588
2020-10-30 14:15:13
EPSS
0.001
Percentile
30.2%
Related for 7EAD2B2D19EEBA1863475FE8BF6EE0792C1EAB518AD414D59B01A6792D453A55