Authentication Bypass in IBM Spectrum Protect Operations Center
CVE-2020-4954

4.2MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Protect Operations Center
Vendor: CVE Published:; 15 February 2021

What is CVE-2020-4954?

IBM Spectrum Protect Operations Center versions 7.1 and 8.1 are vulnerable to an authentication bypass due to improper session validation. An attacker could exploit this flaw using a compromised IBM Spectrum Protect server to obtain a valid session. Once access is gained, the attacker could bypass authentication restrictions and utilize limited debug functions, including logging level modifications. This vulnerability underscores the importance of securing session management to prevent unauthorized access.

Affected Version(s)

Spectrum Protect Operations Center 8.1

Spectrum Protect Operations Center 7.1

Spectrum Protect Operations Center 8.1.10.100

References

https://www.ibm.com/support/pages/node/6404966

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/192153

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2021
Vulnerability Reserved
Dec 30, 2019