CVE-2020-4494
First published: Fri Jun 12 2020(Updated: )
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect client | >=8.1.7.0<=8.1.9.1 | |
| Linux Linux kernel | ||
| Microsoft Windows | ||
| IBM Spectrum Protect client | >=8.1.9.0<=8.1.9.1 | |
| IBM AIX | ||
| Ibm Spectrum Protect For Space Management | >=8.1.7.0<=8.1.9.1 | |
| Ibm Spectrum Protect For Space Management | >=8.1.9.0<=8.1.9.1 | |
| IBM Spectrum Protect client | <=8.1.7.0-8.1.9.1 (Linux and Windows)8.1.9.0-8.1.9.1 (AIX) | |
| Ibm Spectrum Protect For Space Management | <=8.1.7.0-8.1.9.1 (Linux)8.1.9.0-8.1.9.1 (AIX) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-4494?
CVE-2020-4494 is a vulnerability in the IBM Spectrum Protect Backup-Archive Client web user interface and IBM Spectrum Protect for Space Management web user interfaces that could allow an attacker to bypass authentication.
Which software versions are affected by CVE-2020-4494?
IBM Spectrum Protect Client versions 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX), and IBM Spectrum Protect for Space Management versions 8.1.7.0 through 8.1.9.1 (Linux), and 8.1.9.0 through 8.1.9.1 (AIX) are affected by CVE-2020-4494.
How severe is CVE-2020-4494?
CVE-2020-4494 has a severity rating of 7.5 (high).
How can I fix CVE-2020-4494?
Upgrade to a fixed version of IBM Spectrum Protect Client or IBM Spectrum Protect for Space Management that is not vulnerable to CVE-2020-4494.
Where can I find more information about CVE-2020-4494?
You can find more information about CVE-2020-4494 on the IBM X-Force Exchange website and the IBM support pages.
- agent/type
- agent/references
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm spectrum protect client
- version/ibm spectrum protect client/8.1.7.0
- version/ibm spectrum protect client/8.1.9.1
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- version/ibm spectrum protect client/8.1.9.0
- canonical/ibm aix
- canonical/ibm spectrum protect for space management
- version/ibm spectrum protect for space management/8.1.7.0
- version/ibm spectrum protect for space management/8.1.9.1
- version/ibm spectrum protect for space management/8.1.9.0
- version/ibm spectrum protect client/8.1.7.0-8.1.9.1 (linux and windows)8.1.9.0-8.1.9.1 (aix)
- version/ibm spectrum protect for space management/8.1.7.0-8.1.9.1 (linux)8.1.9.0-8.1.9.1 (aix)