Vulnerability Description

On September 15, 2020, NSFOCUS detected that IBM released a security bulletin, which fixed directory traversal and arbitrary code execution vulnerabilities (CVE-2020-4711, CVE-2020-4703) in IBM Spectrum Protect Plus Administrative Console. The directory traversal vulnerability (CVE-2020-4711) exists in a script (/opt/ECX/tools/scripts/restore_wrapper.sh) within Spectrum Protect Plus. An unauthenticated attacker could send a crafted HTTP request to view arbitrary files on the system. CVE-2020-4703 allows an authenticated attack to upload arbitrary files, which could then be used to execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. Currently, the proof of concept (PoC) of this vulnerability has been made publicly available. Relevant users are advised to take protective measures as soon as possible.

IBM Spectrum Protect Plus is a data protection and availability solution for virtual environments. It can be implemented as an independent solution or environmentally integrated into IBM Spectrum Protect, thereby offloading copies for long-term storage and data governance efficiently at scale.