IBM Spectrum Protect à 8.1.9.1 Web User Interface elévation de privilèges

entréeeditHistoryDiffjsonxmlCTI

Une vulnérabilité a été trouvé dans IBM Spectrum Protect à 8.1.9.1 (Backup Software) et classée critique. Affecté par cette vulnérabilité est une fonction inconnue du composant Web User Interface. Il n'y a aucune information à propos de possibles contremesures connues. Il est suggéré de remplacer l'object infecté par un produit alternatif.

Field16/06/2020 12:05 PM24/10/2020 05:44 PM24/10/2020 05:49 PM
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
cvss3_nvd_basescore5.45.45.4
vendorIBMIBMIBM
nameSpectrum ProtectSpectrum ProtectSpectrum Protect
version<=8.1.9.1<=8.1.9.1<=8.1.9.1
componentWeb User InterfaceWeb User InterfaceWeb User Interface
risk222
cvss2_vuldb_basescore6.06.06.0
cvss2_vuldb_tempscore6.06.06.0
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore5.55.55.5
cvss3_meta_tempscore5.55.55.5
cvss3_vuldb_basescore5.55.55.5
cvss3_vuldb_tempscore5.55.55.5
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
date1592179200 (15/06/2020)1592179200 (15/06/2020)1592179200 (15/06/2020)
urlhttps://www.ibm.com/support/pages/node/6221448https://www.ibm.com/support/pages/node/6221448https://www.ibm.com/support/pages/node/6221448
price_0day$5k-$25k$5k-$25k$5k-$25k
price_trend+++
cveCVE-2020-4406CVE-2020-4406CVE-2020-4406
seealso156766156766156766
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
typeBackup SoftwareBackup SoftwareBackup Software
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiRRR
cvss3_nvd_sCCC
cvss3_nvd_cLLL
cvss3_nvd_iLLL
cvss3_nvd_aNNN
cve_assigned157766400015776640001577664000
cve_nvd_summaryIBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.
cwe451 (elévation de privilèges)451 (elévation de privilèges)451 (elévation de privilèges)
confirm_urlhttps://www.ibm.com/support/pages/node/6221448https://www.ibm.com/support/pages/node/6221448
xforce179488179488
cve_cnaIBM Corporation

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!