CVE-2020-4494
HIGH
IBM Spectrum Protect Client/for Space Management 8.1.7.0-8.1.9.1 Authentication Bypass
Title source: llm
Description
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation, which can result in access to unauthorized resources. IBM X-Force ID: 182019.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6221448
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/182019
Scores
CVSS v3
7.5
EPSS
0.0223
EPSS Percentile
80.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-287
Status
published
Products (2)
ibm/spectrum_protect_client
8.1.7.0 - 8.1.9.1
ibm/spectrum_protect_for_space_management
8.1.7.0 - 8.1.9.1
Published
Jun 15, 2020
Tracked Since
Feb 18, 2026