VDB-156761 · CVE-2020-4406 · XFDB 179488

IBM Spectrum Protect à 8.1.9.1 Web User Interface elévation de privilèges

Une vulnérabilité a été trouvé dans IBM Spectrum Protect à 8.1.9.1 (Backup Software) et classée critique. Affecté par cette vulnérabilité est une fonction inconnue du composant Web User Interface. Il n'y a aucune information à propos de possibles contremesures connues. Il est suggéré de remplacer l'object infecté par un produit alternatif.

Timeline

User

Field

Commit Conf

Approve Conf

ID	Commited	User	Field	Change	Remarks	Moderated	Reason	C
10553823	24/10/2020	VulD...	cve_cna	IBM Corporation	nvd.nist.gov	24/10/2020	accepted	70
10553822	24/10/2020	VulD...	xforce	179488	cve.mitre.org	24/10/2020	accepted	70
10553821	24/10/2020	VulD...	confirm_url	https://www.ibm.com/support/pages/node/6221448	cve.mitre.org	24/10/2020	accepted	70
10173690	16/06/2020	VulD...	cwe	451 (elévation de privilèges)		16/06/2020	accepted	90
10173688	16/06/2020	VulD...	cve_nvd_summary	IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.	mitre.org	16/06/2020	accepted	100
10173687	16/06/2020	VulD...	cve_assigned	1577664000	mitre.org	16/06/2020	accepted	100
10173681	16/06/2020	VulD...	cvss3_nvd_a	N	nist.gov	16/06/2020	accepted	100
10173680	16/06/2020	VulD...	cvss3_nvd_i	L	nist.gov	16/06/2020	accepted	100
10173679	16/06/2020	VulD...	cvss3_nvd_c	L	nist.gov	16/06/2020	accepted	100
10173678	16/06/2020	VulD...	cvss3_nvd_s	C	nist.gov	16/06/2020	accepted	100
10173677	16/06/2020	VulD...	cvss3_nvd_ui	R	nist.gov	16/06/2020	accepted	100
10173676	16/06/2020	VulD...	cvss3_nvd_pr	L	nist.gov	16/06/2020	accepted	100
10173675	16/06/2020	VulD...	cvss3_nvd_ac	L	nist.gov	16/06/2020	accepted	100
10173674	16/06/2020	VulD...	cvss3_nvd_av	N	nist.gov	16/06/2020	accepted	100
10173648	16/06/2020	VulD...	type	Backup Software		16/06/2020	accepted	100
10173698	16/06/2020	VulD...	cvss3_nvd_basescore	5.4	nist.gov	16/06/2020	accepted	90
10173697	16/06/2020	VulD...	cvss3_vuldb_rc	X		16/06/2020	accepted	90
10173696	16/06/2020	VulD...	cvss3_vuldb_rl	X		16/06/2020	accepted	90
10173695	16/06/2020	VulD...	cvss3_vuldb_e	X		16/06/2020	accepted	90
10173694	16/06/2020	VulD...	cvss2_vuldb_rc	ND		16/06/2020	accepted	90