CVE-2020-4627: IBM Cloud Pak for Security RCE

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

IBM Cloud Pak for Security 1.3.0.1 (CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367.

Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

NVD Base score of this vulnerability is 9.0 Critical. CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

1.3        Affected Version

IBM Cloud Pak for Security (CP4S) - 1.3.0.1

1.4        Vulnerability Attribution

This vulnerability is reported by IBM X-Force Ethical Hacking Team.

1.5        Risk Impact

IBM Cloud Pak® for Security is an open security platform that connects to the existing data sources to generate deeper insights and enables a user to act faster with automation. Whether the data resides on IBM or third-party tools, on-premises or multiple cloud environments, the platform helps to find and respond to threats and risks — all while leaving the data where it is. So, it can uncover hidden threats, make more informed risk-based decisions, and respond to incidents faster. Exploiting this vulnerability can lead to shutting down the Security of the entire organization itself and exposing it to external threats. A public domain exploit is not available.

1.6        Virsec Security Platform (VSP) Support:

The Virsec Security Platform (VSP)-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

1.7        Reference Links:

• https://nvd.nist.gov/vuln/detail/CVE-2020-4627
• https://exchange.xforce.ibmcloud.com/vulnerabilities/185367
• https://www.ibm.com/support/pages/node/6372538
• https://www.ibm.com/in-en/products/cloud-pak-for-security

Download the full vulnerability report to learn more about this and other important vulnerabilities.