CVE-2020-4406
First published: Fri Jun 12 2020(Updated: )
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect client | >=8.1.7.0<=8.1.9.1 | |
| Linux Linux kernel | ||
| Microsoft Windows | ||
| IBM Spectrum Protect client | >=8.1.9.0<=8.1.9.1 | |
| IBM AIX | ||
| Ibm Spectrum Protect For Space Management | >=8.1.7.0<=8.1.9.1 | |
| Ibm Spectrum Protect For Space Management | >=8.1.9.0<=8.1.9.1 | |
| IBM Spectrum Protect client | <=8.1.7.0-8.1.9.1 (Linux and Windows)8.1.9.0-8.1.9.1 (AIX) | |
| Ibm Spectrum Protect For Space Management | <=8.1.7.0-8.1.9.1 (Linux)8.1.9.0-8.1.9.1 (AIX) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-4406.
What is the severity of CVE-2020-4406?
The severity of CVE-2020-4406 is medium with a severity value of 5.4.
Which software products are affected by CVE-2020-4406?
IBM Spectrum Protect Client (version 8.1.7.0 through 8.1.9.1 on Linux and Windows, 8.1.9.0 through 8.1.9.1 on AIX), and IBM Spectrum Protect for Space Management (version 8.1.7.0 through 8.1.9.1 on Linux, 8.1.9.0 through 8.1.9.1 on AIX) are affected by CVE-2020-4406.
What is the description of CVE-2020-4406?
CVE-2020-4406 refers to a vulnerability in the web user interfaces of IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management that could allow a remote attacker to hijack the clicking action of the victim.
Where can I find more information about CVE-2020-4406?
You can find more information about CVE-2020-4406 on the IBM X-Force Exchange website and the IBM Support Pages.
- agent/type
- agent/references
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm spectrum protect client
- version/ibm spectrum protect client/8.1.7.0
- version/ibm spectrum protect client/8.1.9.1
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- version/ibm spectrum protect client/8.1.9.0
- canonical/ibm aix
- canonical/ibm spectrum protect for space management
- version/ibm spectrum protect for space management/8.1.7.0
- version/ibm spectrum protect for space management/8.1.9.1
- version/ibm spectrum protect for space management/8.1.9.0
- version/ibm spectrum protect client/8.1.7.0-8.1.9.1 (linux and windows)8.1.9.0-8.1.9.1 (aix)
- version/ibm spectrum protect for space management/8.1.7.0-8.1.9.1 (linux)8.1.9.0-8.1.9.1 (aix)