History: Jun 15, 2020 - 2:15 p.m.

CVE-2020-4406

2020-06-15 14:15:11
CWE-1021
ibm
web.nvd.nist.gov

CVSS2: 3.5

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 6
Confidence: High

EPSS: 0.001
Percentile: 28.9%

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.

Affected configurations

Node
linux linux_kernel, match: -
OR
microsoft windows, match: -
AND
ibm spectrum_protect_client, range: 8.1.7.0 to 8.1.9.1

Node
ibm aix, match: -
AND
ibm spectrum_protect_client, range: 8.1.9.0 to 8.1.9.1

Node
linux linux_kernel, match: -
AND
ibm spectrum_protect_for_space_management, range: 8.1.7.0 to 8.1.9.1

Node
ibm aix, match: -
AND
ibm spectrum_protect_for_space_management, range: 8.1.9.0 to 8.1.9.1

Vendor | Product | Version | CPE
linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
ibm | spectrum_protect_client | * | cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*
ibm | aix | - | cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
ibm | spectrum_protect_for_space_management | * | cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Spectrum Protect Client (Linux and Windows)",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.1.7.0"
      },
      {
        "status": "affected",
        "version": "8.1.9.1"
      }
    ]
  },
  {
    "product": "Spectrum Protect Client (AIX)",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.1.9.0"
      },
      {
        "status": "affected",
        "version": "8.1.9.1"
      }
    ]
  },
  {
    "product": "Spectrum Protect for Space Management (AIX)",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.1.9.0"
      },
      {
        "status": "affected",
        "version": "8.1.9.1"
      }
    ]
  },
  {
    "product": "Spectrum Protect for Space Management (Linux)",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.1.7.0"
      },
      {
        "status": "affected",
        "version": "8.1.9.1"
      }
    ]
  }
]
