All the vulnerabilities related to IBM - Spectrum Protect Client (Linux and Windows)
cve-2020-4494
Vulnerability from cvelistv5
Published
2020-06-15 13:25
Modified
2024-09-17 02:41
Summary
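IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019. Note that the structured "affected" entries in the record below list only the first and last version of each range, so exact-version matching against them will miss the releases in between; use the ranges stated in this description.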


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6221448"
          },
          {
            "name": "ibm-spectrum-cve20204494-info-disc (182019)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spectrum Protect for Space Management (Linux)",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.7.0"
            },
            {
              "status": "affected",
              "version": "8.1.9.1"
            }
          ]
        },
        {
          "product": "Spectrum Protect for Space Management (AIX)",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.9.0"
            },
            {
              "status": "affected",
              "version": "8.1.9.1"
            }
          ]
        },
        {
          "product": "Spectrum Protect Client (AIX)",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.9.0"
            },
            {
              "status": "affected",
              "version": "8.1.9.1"
            }
          ]
        },
        {
          "product": "Spectrum Protect Client (Linux and Windows)",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.7.0"
            },
            {
              "status": "affected",
              "version": "8.1.9.1"
            }
          ]
        }
      ],
      "datePublic": "2020-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:N/A:N/S:U/UI:N/C:H/AC:L/PR:N/AV:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-15T13:25:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6221448"
        },
        {
          "name": "ibm-spectrum-cve20204494-info-disc (182019)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-06-12T00:00:00",
          "ID": "CVE-2020-4494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spectrum Protect for Space Management (Linux)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.7.0"
                          },
                          {
                            "version_value": "8.1.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Protect for Space Management (AIX)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.9.0"
                          },
                          {
                            "version_value": "8.1.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Protect Client (AIX)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.9.0"
                          },
                          {
                            "version_value": "8.1.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Protect Client (Linux and Windows)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.7.0"
                          },
                          {
                            "version_value": "8.1.9.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6221448",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6221448 (Spectrum Protect Client (Linux and Windows))",
              "url": "https://www.ibm.com/support/pages/node/6221448"
            },
            {
              "name": "ibm-spectrum-cve20204494-info-disc (182019)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4494",
    "datePublished": "2020-06-15T13:25:27.712455Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T02:41:34.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4406
Vulnerability from cvelistv5
Published
2020-06-15 13:25
Modified
2024-09-17 00:15
Summary
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. Note that the structured "affected" entries in the record below list only the first and last version of each range, so exact-version matching against them will miss the releases in between; use the ranges stated in this description.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:00:06.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6221448"
          },
          {
            "name": "ibm-spectrum-cve20204406-clickjacking (179488)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spectrum Protect Client (Linux and Windows)",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.7.0"
            },
            {
              "status": "affected",
              "version": "8.1.9.1"
            }
          ]
        },
        {
          "product": "Spectrum Protect Client (AIX)",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.9.0"
            },
            {
              "status": "affected",
              "version": "8.1.9.1"
            }
          ]
        },
        {
          "product": "Spectrum Protect for Space Management (AIX)",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.9.0"
            },
            {
              "status": "affected",
              "version": "8.1.9.1"
            }
          ]
        },
        {
          "product": "Spectrum Protect for Space Management (Linux)",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.7.0"
            },
            {
              "status": "affected",
              "version": "8.1.9.1"
            }
          ]
        }
      ],
      "datePublic": "2020-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/C:L/PR:L/AC:L/UI:R/S:C/A:N/I:L/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-15T13:25:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6221448"
        },
        {
          "name": "ibm-spectrum-cve20204406-clickjacking (179488)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-06-12T00:00:00",
          "ID": "CVE-2020-4406",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spectrum Protect Client (Linux and Windows)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.7.0"
                          },
                          {
                            "version_value": "8.1.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Protect Client (AIX)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.9.0"
                          },
                          {
                            "version_value": "8.1.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Protect for Space Management (AIX)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.9.0"
                          },
                          {
                            "version_value": "8.1.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Spectrum Protect for Space Management (Linux)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.7.0"
                          },
                          {
                            "version_value": "8.1.9.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6221448",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6221448 (Spectrum Protect Client (Linux and Windows))",
              "url": "https://www.ibm.com/support/pages/node/6221448"
            },
            {
              "name": "ibm-spectrum-cve20204406-clickjacking (179488)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4406",
    "datePublished": "2020-06-15T13:25:25.338254Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T00:15:44.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}