CVE-2020-4494

EPSS 0.21%
Published 15.06.2020 14:15:12
Last modified 21.11.2024 05:32:48
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Spectrum Protect Client Version >= 8.1.7.0 <= 8.1.9.1

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Spectrum Protect Client Version >= 8.1.9.0 <= 8.1.9.1

Ibm ≫ Aix Version-

Ibm ≫ Spectrum Protect For Space Management Version >= 8.1.7.0 <= 8.1.9.1

Linux ≫ Linux Kernel Version-

Ibm ≫ Spectrum Protect For Space Management Version >= 8.1.9.0 <= 8.1.9.1

Ibm ≫ Aix Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.401

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@us.ibm.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.ibm.com/support/pages/node/6221448

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/182019

Vendor Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2020-4494

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-4494

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-4494

EUVD