What is CVE-2020-4686?

CVE-2020-4686 is a vulnerability in IBM Spectrum Virtualize 8.3.1 that allows a remote user authenticated via LDAP to escalate their privileges and perform unauthorized actions.

Which software versions are affected by CVE-2020-4686?

IBM Spectrum Virtualize 8.3.1 and its public cloud version are affected by CVE-2020-4686.

What is the severity rating of CVE-2020-4686?

CVE-2020-4686 has a severity rating of 8.1 (high).

How can a remote user exploit CVE-2020-4686?

A remote user authenticated via LDAP can exploit CVE-2020-4686 to escalate their privileges and perform unauthorized actions.

Where can I find more information about CVE-2020-4686?

You can find more information about CVE-2020-4686 on the IBM X-Force ID: 186678 and the IBM Support website.

Vulnerability/
CVE-2020-4686

high

8.1

14/8/2020

4/8/2024

CVE-2020-4686

First published: Fri Aug 14 2020(Updated: )

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Storage Virtualize	=8.3.1
IBM Storage Virtualize	=8.3.1
IBM FlashSystem V5000 Firmware	=8.3.1
IBM FlashSystem V5000 Firmware
IBM FlashSystem V7200	=8.3.1
IBM FlashSystem V7200 Firmware
IBM FlashSystem V9000	=8.3.1
IBM FlashSystem V9000
IBM FlashSystem 9100	=8.3.1
IBM FlashSystem V9100 Firmware
IBM FlashSystem V9200 Firmware	=8.3.1
IBM FlashSystem V9200 Firmware
IBM SAN Volume Controller Firmware	=8.3.1
IBM SAN Volume Controller Firmware
IBM Storwize V5000	=8.3.1
IBM Storwize
IBM Storwize V5000E	=8.3.1
IBM Storwize
IBM Storwize V5100 Firmware	=8.3.1
IBM Storwize
IBM Storwize Unified V7000	=8.3.1
IBM Storwize Unified V7000

Remedy

https://www.ibm.com/support/pages/node/6260199

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-4686?
CVE-2020-4686 is a vulnerability in IBM Spectrum Virtualize 8.3.1 that allows a remote user authenticated via LDAP to escalate their privileges and perform unauthorized actions.
Which software versions are affected by CVE-2020-4686?
IBM Spectrum Virtualize 8.3.1 and its public cloud version are affected by CVE-2020-4686.
What is the severity rating of CVE-2020-4686?
CVE-2020-4686 has a severity rating of 8.1 (high).
How can a remote user exploit CVE-2020-4686?
A remote user authenticated via LDAP can exploit CVE-2020-4686 to escalate their privileges and perform unauthorized actions.
Where can I find more information about CVE-2020-4686?
You can find more information about CVE-2020-4686 on the IBM X-Force ID: 186678 and the IBM Support website.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm storage virtualize
version/ibm storage virtualize/8.3.1
canonical/ibm flashsystem v5000 firmware
version/ibm flashsystem v5000 firmware/8.3.1
canonical/ibm flashsystem v7200
version/ibm flashsystem v7200/8.3.1
canonical/ibm flashsystem v7200 firmware
canonical/ibm flashsystem v9000
version/ibm flashsystem v9000/8.3.1
canonical/ibm flashsystem 9100
version/ibm flashsystem 9100/8.3.1
canonical/ibm flashsystem v9100 firmware
canonical/ibm flashsystem v9200 firmware
version/ibm flashsystem v9200 firmware/8.3.1
canonical/ibm san volume controller firmware
version/ibm san volume controller firmware/8.3.1
canonical/ibm storwize v5000
version/ibm storwize v5000/8.3.1
canonical/ibm storwize
canonical/ibm storwize v5000e
version/ibm storwize v5000e/8.3.1
canonical/ibm storwize v5100 firmware
version/ibm storwize v5100 firmware/8.3.1
canonical/ibm storwize unified v7000
version/ibm storwize unified v7000/8.3.1