CVE-2020-4406

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Protect Client (linux And Windows); Spectrum Protect Client (aix); Spectrum Protect For Space Management (aix); Spectrum Protect For Space Management (linux)
Vendor: CVE Published:; 15 June 2020

Summary

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.

Affected Version(s)

Spectrum Protect Client (AIX) 8.1.9.0

Spectrum Protect Client (AIX) 8.1.9.1

Spectrum Protect Client (Linux and Windows) 8.1.7.0

References

https://www.ibm.com/support/pages/node/6221448

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/179488

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 15, 2020
Vulnerability Reserved
Dec 30, 2019