CVE-2020-5021
First published: Thu Jan 07 2021(Updated: )
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | <=10.1.0-10.1.6 | |
| IBM Spectrum Protect Plus | >=10.1.0<10.1.7 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-5021.
What is the severity of CVE-2020-5021?
CVE-2020-5021 has a severity value of 4.4, which is classified as medium.
What is the description of CVE-2020-5021?
CVE-2020-5021 is a vulnerability in IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6 that allows a local user to impersonate another user on the system after a password reset.
What software versions are affected by CVE-2020-5021?
IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6 are affected by CVE-2020-5021.
Is Linux kernel vulnerable to CVE-2020-5021?
No, the Linux kernel is not vulnerable to CVE-2020-5021.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0
- vendor/linux
- canonical/linux linux kernel
- version/ibm spectrum protect plus/10.1.0-10.1.6