Remote Denial of Service Vulnerability in IBM Spectrum Protect Operations Center
CVE-2020-4956

4.8 MEDIUM

Key Information:

Vendor
IBM
CVE Published:
15 February 2021

Summary

IBM Spectrum Protect Operations Center versions 7.1 and 8.1 are susceptible to a denial of service due to a vulnerability in the RPC mechanism. This flaw allows a remote attacker to set an unusually large cache value that can be repeatedly dumped to a file, leading to excessive memory consumption and potentially rendering the service unavailable. This presents a significant risk for organizations relying on this product for data protection and management.

Affected Version(s)

Spectrum Protect Operations Center 8.1

Spectrum Protect Operations Center 7.1

Spectrum Protect Operations Center 8.1.10.100

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
