IBM Spectrum Protect up to 8.1.9.1 Web User Interface clickjacking

EntryeditHistoryDiffjsonxmlCTI

A vulnerability was found in IBM Spectrum Protect up to 8.1.9.1 (Backup Software). It has been rated as critical. This issue affects an unknown part of the component Web User Interface. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1055382310/24/2020VulD...cve_cnaIBM Corporationnvd.nist.gov10/24/2020accepted70
1055382210/24/2020VulD...xforce179488cve.mitre.org10/24/2020accepted70
1055382110/24/2020VulD...confirm_urlhttps://www.ibm.com/support/pages/node/6221448cve.mitre.org10/24/2020accepted70
1017369006/16/2020VulD...cwe451 (privilege escalation)06/16/2020accepted90
1017368806/16/2020VulD...cve_nvd_summaryIBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.mitre.org06/16/2020accepted100
1017368706/16/2020VulD...cve_assigned1577664000mitre.org06/16/2020accepted100
1017368106/16/2020VulD...cvss3_nvd_aNnist.gov06/16/2020accepted100
1017368006/16/2020VulD...cvss3_nvd_iLnist.gov06/16/2020accepted100
1017367906/16/2020VulD...cvss3_nvd_cLnist.gov06/16/2020accepted100
1017367806/16/2020VulD...cvss3_nvd_sCnist.gov06/16/2020accepted100
1017367706/16/2020VulD...cvss3_nvd_uiRnist.gov06/16/2020accepted100
1017367606/16/2020VulD...cvss3_nvd_prLnist.gov06/16/2020accepted100
1017367506/16/2020VulD...cvss3_nvd_acLnist.gov06/16/2020accepted100
1017367406/16/2020VulD...cvss3_nvd_avNnist.gov06/16/2020accepted100
1017364806/16/2020VulD...typeBackup Software06/16/2020accepted100
1017369806/16/2020VulD...cvss3_nvd_basescore5.4nist.gov06/16/2020accepted90
1017369706/16/2020VulD...cvss3_vuldb_rcX06/16/2020accepted90
1017369606/16/2020VulD...cvss3_vuldb_rlX06/16/2020accepted90
1017369506/16/2020VulD...cvss3_vuldb_eX06/16/2020accepted90
1017369406/16/2020VulD...cvss2_vuldb_rcND06/16/2020accepted90

Do you want to use VulDB in your project?

Use the official API to access entries easily!