Clickjacking Vulnerability in IBM Spectrum Protect Client and Space Management
CVE-2020-4406

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Protect Client (linux And Windows); Spectrum Protect Client (aix); Spectrum Protect For Space Management (aix); Spectrum Protect For Space Management (linux)
Vendor: CVE Published:; 15 June 2020

What is CVE-2020-4406?

The vulnerability present in IBM Spectrum Protect Client and Space Management allows a remote attacker to trick a victim into clicking on malicious content. By leading unsuspecting users to a harmful website, the attacker can hijack the victim's click actions. This exploitation could facilitate further attacks against the victim without their informed consent. Affected versions include certain releases on Linux, Windows, and AIX platforms, emphasizing the necessity for users to assess their systems and apply necessary patches to mitigate this risk.

Affected Version(s)

Spectrum Protect Client (AIX) 8.1.9.0

Spectrum Protect Client (AIX) 8.1.9.1

Spectrum Protect Client (Linux and Windows) 8.1.7.0

References

https://www.ibm.com/support/pages/node/6221448

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/179488

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2020
Vulnerability Reserved
Dec 30, 2019