Lucene search

IbmCVELIST:CVE-2020-4496

HistoryDec 13, 2021 - 6:35 p.m.

CVE-2020-4496

2021-12-1318:35:29

ibm

www.cve.org

ibm spectrum protect plus

man-in-the-middle attack

improper certificate validation

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

33.0%

JSON

The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.

CNA Affected

[
  {
    "product": "Spectrum Protect Plus",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.8.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/182046

www.ibm.com/support/pages/node/6525346

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

33.0%

JSON

Related for CVELIST:CVE-2020-4496