CVE-2020-4854
First published: Fri Nov 20 2020(Updated: )
IBM Spectrum Protect Plus contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | <=10.1.0-10.1.6 | |
| IBM Spectrum Protect Plus | >=10.1.0<=10.1.6 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-4854?
The severity of CVE-2020-4854 is critical with a CVSS score of 9.8.
What is the impact of CVE-2020-4854?
CVE-2020-4854 allows an attacker to gain unauthorized access, perform unauthorized actions, or decrypt internal data.
How does CVE-2020-4854 affect IBM Spectrum Protect Plus?
CVE-2020-4854 affects IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6 by containing hard-coded credentials.
Are Linux systems vulnerable to CVE-2020-4854?
Linux systems are not vulnerable to CVE-2020-4854.
How can I fix CVE-2020-4854?
To fix CVE-2020-4854, upgrade IBM Spectrum Protect Plus to a version beyond 10.1.6.
- collector/ibm-support
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0-10.1.6
- version/ibm spectrum protect plus/10.1.0
- version/ibm spectrum protect plus/10.1.6
- vendor/linux
- canonical/linux linux kernel