CVE-2020-4686

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.1HIGH

EPSS

0.1%

top 65.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM SAN Volume Controller AND Storwize Family IBM Flashsystem V5000 Firmware IBM Flashsystem V7200 Firmware +9 more

Timeline

PublishedAug 17

Latest updateMay 24

Description

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages12 packages

▶NVDibm/spectrum_virtualize8.3.1

▶NVDibm/storwize_v5000_firmware8.3.1

▶NVDibm/storwize_v5100_firmware8.3.1

▶NVDibm/storwize_v7000_firmware8.3.1

▶NVDibm/storwize_v5000e_firmware8.3.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-r5p7-9wqm-8hrf: IBM Spectrum Virtualize 8↗2022-05-24

▶

CVEList

CVE-2020-4686: IBM Spectrum Virtualize 8↗2020-08-17

▶