IBM.SPP.uploadHttpsCertificate.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in IBM Spectrum Protect Plus.
The vulnerability is due to a lack of input validation in the Administrative Console service when parsing parameters in the uploadHttpsCertificate method. A remote, authenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of root.
Affected Products
IBM Spectrum Protect Plus prior to 10.1.5.2199
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.ibm.com/support/pages/node/6114130
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |