Lucene search
KPC of Trend Micro Zero Day InitiativeZDI-20-349HistoryMar 31, 2020 - 12:00 a.m.
IBM Spectrum Protect Plus plugin Directory Traversal File Creation Vulnerability
2020-03-3100:00:00
KPC of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
21
EPSS
0.006
Percentile
77.9%
This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework service. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a file in the context of an administrator.
References
Related
nvd
nvd
CVE-2020-4240
2020-03-31 15:15:20
cvelist
cvelist
CVE-2020-4240
2020-03-31 14:31:48
prion
prion
Cross site request forgery (csrf)
2020-03-31 15:15:00
cve
cve
CVE-2020-4240
2020-03-31 15:15:20
