CVE-2020-4954

CWE-3843 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 74.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Protect Operations Center

Timeline

PublishedFeb 15

Latest updateMay 24

Description

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDibm/spectrum_protect_operations_center7.1.0.000 — 7.1.13.000+1

▶CVEListV5ibm/spectrum_protect_operations_center4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-pvf9-39pw-fm6f: IBM Spectrum Protect Operations Center 7↗2022-05-24

▶

CVEList

CVE-2020-4954: IBM Spectrum Protect Operations Center 7↗2021-02-15

▶