CVE-2020-4348

MEDIUM

IBM Spectrum Scale 4.2.0.0-4.2.3.21 and 5.0.0.0-5.0.4.4 - Authenticated Missing Function Level Access Control

Title source: llm
STIX 2.1

Description

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6213739
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/178414

Scores

CVSS v3 6.5
EPSS 0.0076
EPSS Percentile 50.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-862
Status published
Products (1)
ibm/spectrum_scale 4.2.0.0 - 4.2.3.21
Published May 27, 2020
Tracked Since Feb 18, 2026