First published: Fri Jun 12 2020
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the Discovery Server service. The product contains a hard-coded password for an account. An attacker can leverage this vulnerability to bypass authentication on the system.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Spectrum Protect Plus | | |
IBM Spectrum Protect Plus | <=10.1.0-10.1.5 | |
IBM Spectrum Protect Plus | >=10.1.0 <=10.1.5 | |
CVE-2020-4216 is a vulnerability in IBM Spectrum Protect Plus that allows remote attackers to bypass authentication.
Authentication is not required to exploit CVE-2020-4216.
CVE-2020-4216 has a severity rating of 9.8, which is considered critical.
To fix the CVE-2020-4216 vulnerability, you should update IBM Spectrum Protect Plus to a version that is not affected.
You can find more information about CVE-2020-4216 on the IBM Support, Zero Day Initiative, and IBM X-Force Exchange websites.