CVE-2020-4954

MEDIUM

IBM Spectrum Protect Operations Center <8.1 - Auth Bypass

Title source: llm

Description

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6404966

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/192153

Scores

CVSS v3 5.4

EPSS 0.0009

EPSS Percentile 24.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-384

Status published

Products (1)

ibm/spectrum_protect_operations_center 7.1.0.000 - 7.1.13.000

Published Feb 15, 2021

Tracked Since Feb 18, 2026