E20-11ox1
CVSS:
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2020
Description
This strike exploits a command injection vulnerability in IBM Spectrum Protect Plus. The vulnerability is due to a lack of input sanitization for injection or invalid characters in the filename parameter. When an attacker sends an HTTP POST request to the "/emi/api/uploadhttpscertificate" URI, command execution can occur.