VYPR
Unrated severity · NVD Advisory · Published Feb 15, 2021 · Updated Sep 17, 2024

CVE-2020-4955

Description

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Spectrum Protect Operations Center 7.1 and 8.1 are vulnerable to remote code execution via improper parameter validation in a servlet request, allowing loading of a malicious DLL with elevated privileges.

Vulnerability

IBM Spectrum Protect Operations Center versions 7.1 and 8.1 are affected by a remote code execution vulnerability (CVE-2020-4955) due to improper parameter validation in an unspecified servlet. An attacker can send a servlet request with specially crafted input parameters to load a malicious dynamic-link library (.dll) with elevated privileges. The CVSS vector (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) indicates that the attack requires adjacent network access, high attack complexity, and low privileges, with no user interaction [1].

Exploitation

To exploit this vulnerability, an attacker must be on the adjacent network and hold low privileges (e.g., a valid user account). The attacker sends a specially crafted servlet request to the Operations Center. The exact servlet endpoint is not disclosed, but the crafted input parameters trigger improper validation, allowing the attacker to load a malicious .dll file. Exploitation does not require user interaction [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the system with elevated privileges. Due to the scope change (S:C), the compromise can affect resources beyond the vulnerable component, leading to full compromise of confidentiality, integrity, and availability [1].

Mitigation

IBM has released a fix for version 8.1.11 (8.1.11.100) as of April 15, 2021. Users running 8.1 should upgrade to 8.1.11.100 or later. For version 7.1, no fix is provided; users are advised to upgrade to a supported version (e.g., 8.1.11.100). No workarounds are documented in the available reference [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
