
CVE-2020-4627: IBM Cloud Pak for Security RCE
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
IBM Cloud Pak for Security (CP4S) 1.3.0.1 is potentially vulnerable to CSV injection. A remote attacker could execute arbitrary commands on the system because of improper validation of CSV file contents. IBM X-Force ID: 185367.
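The following is an added example, not code from IBM or Virsec: a generic check that validates CSV cell contents for formula (CSV) injection before a file is accepted or exported. The page does not describe how CP4S processes CSV files; the trigger-character list follows OWASP's general CSV injection guidance, and the function names and sample data are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications may interpret as the
# start of a formula (per OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_risky(cell):
    """True if a cell could be evaluated as a formula when opened."""
    try:
        float(cell)  # plain numbers such as -12.5 or +3 are harmless
        return False
    except ValueError:
        pass
    # Leading spaces are checked too, since some applications trim them.
    return (cell.startswith(FORMULA_TRIGGERS)
            or cell.lstrip(" ").startswith(FORMULA_TRIGGERS))


def scan_csv(text):
    """Return (row, column, value) for every risky cell; rows are 1-based."""
    findings = []
    reader = csv.reader(io.StringIO(text, newline=""))
    for r, row in enumerate(reader, start=1):
        for c, cell in enumerate(row, start=1):
            if is_risky(cell):
                findings.append((r, c, cell))
    return findings


def neutralize_csv(text):
    """Rewrite the CSV so risky cells are treated as text, not formulas."""
    out = io.StringIO(newline="")
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in csv.reader(io.StringIO(text, newline="")):
        # A leading single quote marks the cell as literal text.
        writer.writerow(["'" + c if is_risky(c) else c for c in row])
    return out.getvalue()


# Constructed sample input (not taken from any real system).
SAMPLE = (
    "host,owner,note\n"
    "web01,alice,patched\n"
    "db02,bob,=SUM(A1:A9)\n"
    "app03,carol,-12.5\n"
    "app04,dave,  @SUM(A1:A2)\n"
)

if __name__ == "__main__":
    for finding in scan_csv(SAMPLE):
        print("risky cell:", finding)
    print(neutralize_csv(SAMPLE))
```

Rejecting the file when `scan_csv` returns findings is the stricter option; `neutralize_csv` suits cases where the data must still be delivered.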
1.2 CVSS Score
The NVD base score for this vulnerability is 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1.3 Affected Version
IBM Cloud Pak for Security (CP4S) - 1.3.0.1
1.4 Vulnerability Attribution
This vulnerability was reported by the IBM X-Force Ethical Hacking Team.
1.5 Risk Impact
IBM Cloud Pak® for Security is an open security platform that connects to existing data sources to generate deeper insights and enables users to act faster with automation. Whether the data resides in IBM or third-party tools, on-premises or in multiple cloud environments, the platform helps find and respond to threats and risks while leaving the data where it is. It can therefore uncover hidden threats, support more informed risk-based decisions, and speed up incident response. Exploiting this vulnerability can lead to shutting down the security of the entire organization and exposing it to external threats. A public exploit is not available.
1.6 Virsec Security Platform (VSP) Support:
The Virsec Security Platform (VSP)-Host monitors spawned processes and identifies any that are not part of a set of whitelisted processes. Any attempt to execute a new command or an unknown binary would be denied by VSP-Host's Process Monitoring capability.
1.7 Reference Links:
- https://nvd.nist.gov/vuln/detail/CVE-2020-4627
- https://exchange.xforce.ibmcloud.com/vulnerabilities/185367
- https://www.ibm.com/support/pages/node/6372538
- https://www.ibm.com/in-en/products/cloud-pak-for-security