IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/184979 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6335281 | Patch Vendor Advisory |
Configurations
History
No history.
Information
Published : 2020-09-22 14:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-4620
Mitre link : CVE-2020-4620
CVE.ORG link : CVE-2020-4620
JSON object : View
Products Affected
ibm
- data_risk_manager
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type