CVE-2020-4494: Improper Authentication in IBM Spectrum Protect Client

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 56.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 15
Latest update: May 24

Description

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | ibm/spectrum_protect_for_space_management | 8.1.7.0, 8.1.9.0, 8.1.9.1 | +2
NVD | ibm/spectrum_protect_client | 8.1.7.0 - 8.1.9.1 | +1
CVEListV5 | ibm/spectrum_protect_client | 8.1.7.0, 8.1.9.0, 8.1.9.1 | +2
NVD | ibm/spectrum_protect | 8.1.7.0 - 8.1.9.1 | +1

🔴 Vulnerability Details (2)

GHSA | GHSA-gww9-rjpc-m25m: IBM Spectrum Protect Client 8 | 2022-05-24
CVEList | CVE-2020-4494: IBM Spectrum Protect Client 8 | 2020-06-15

💬 Community (1)

Bugzilla | CVE-2019-7578 SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c | 2019-02-13
CVE-2020-4494 — Improper Authentication in IBM | cvebase