Lucene search

IbmCVELIST:CVE-2020-4954

HistoryFeb 15, 2021 - 3:05 p.m.

CVE-2020-4954

2021-02-1515:05:19

ibm

www.cve.org

ibm spectrum protect

operations center

authentication bypass

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

EPSS

0.001

Percentile

36.4%

JSON

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.

CNA Affected

[
  {
    "product": "Spectrum Protect Operations Center",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.1"
      },
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "8.1.10.100"
      },
      {
        "status": "affected",
        "version": "7.1.12"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/192153

www.ibm.com/support/pages/node/6404966

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

EPSS

0.001

Percentile

36.4%

JSON

Related for CVELIST:CVE-2020-4954