Remote Denial of Service Vulnerability in IBM Spectrum Protect Operations Center
CVE-2020-4956
4.8 MEDIUM
Key Information:
- Vendor: IBM
- Vendor
- CVE Published: 15 February 2021
Summary
IBM Spectrum Protect Operations Center versions 7.1 and 8.1 are susceptible to a denial of service due to a vulnerability in the RPC mechanism. This flaw allows a remote attacker to set an unusually large cache value that can be repeatedly dumped to a file, leading to excessive memory consumption and potentially rendering the service unavailable. This presents a significant risk for organizations relying on this product for data protection and management.
Affected Version(s)
Spectrum Protect Operations Center 8.1
Spectrum Protect Operations Center 7.1
Spectrum Protect Operations Center 8.1.10.100
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved