CVE-2020-5020
First published: Thu Jan 07 2021(Updated: )
IBM Spectrum Protect Plus could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | <=10.1.0-10.1.6 | |
| IBM Spectrum Protect Plus | >=10.1.0<10.1.7 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-5020.
What is the severity of CVE-2020-5020?
The severity of CVE-2020-5020 is medium with a severity value of 6.1.
What products are affected by CVE-2020-5020?
IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6 and IBM Spectrum Protect Plus up to version 10.1.7 are affected.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by persuading a victim to visit a malicious website and hijack their click actions.
Are Linux systems vulnerable to this vulnerability?
No, Linux systems are not vulnerable to this specific vulnerability.
- collector/ibm-support
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0-10.1.6
- version/ibm spectrum protect plus/10.1.0
- vendor/linux
- canonical/linux linux kernel