There is a vulnerability in PyYAML that could allow a remote attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Protect Plus Container agent for Kubernetes and the IBM Spectrum Protect Plus Microsoft® Windows File Systems agent.
CVEID: CVE-2020-1747
**DESCRIPTION:** PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing untrusted YAML files through the full_load method or with the FullLoader loader. By abusing the python/object/new constructor, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178416 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Plus Container Agent for Kubernetes (Linux) | 10.1.5-10.1.6 |
IBM Spectrum Protect Plus Microsoft File Systems Agent (Windows) | 10.1.6 |
Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix |
---|---|---|---|
10.1 | 10.1.7 | Linux, Windows | <https://www.ibm.com/support/pages/node/6330495> |
None