{"containers":{"cna":{"affected":[{"product":"Spectrum Protect for Space Management (Linux)","vendor":"IBM","versions":[{"status":"affected","version":"8.1.7.0"},{"status":"affected","version":"8.1.9.1"}]},{"product":"Spectrum Protect for Space Management (AIX)","vendor":"IBM","versions":[{"status":"affected","version":"8.1.9.0"},{"status":"affected","version":"8.1.9.1"}]},{"product":"Spectrum Protect Client (AIX)","vendor":"IBM","versions":[{"status":"affected","version":"8.1.9.0"},{"status":"affected","version":"8.1.9.1"}]},{"product":"Spectrum Protect Client (Linux and Windows)","vendor":"IBM","versions":[{"status":"affected","version":"8.1.7.0"},{"status":"affected","version":"8.1.9.1"}]}],"datePublic":"2020-06-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","exploitCodeMaturity":"UNPROVEN","integrityImpact":"NONE","privilegesRequired":"NONE","remediationLevel":"OFFICIAL_FIX","reportConfidence":"CONFIRMED","scope":"UNCHANGED","temporalScore":6.5,"temporalSeverity":"MEDIUM","userInteraction":"NONE","vectorString":"CVSS:3.0/I:N/A:N/S:U/UI:N/C:H/AC:L/PR:N/AV:N/RL:O/RC:C/E:U","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Obtain Information","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-06-15T13:25:27.000Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.ibm.com/support/pages/node/6221448"},{"name":"ibm-spectrum-cve20204494-info-disc (182019)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/182019"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2020-06-12T00:00:00","ID":"CVE-2020-4494","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spectrum Protect for Space Management (Linux)","version":{"version_data":[{"version_value":"8.1.7.0"},{"version_value":"8.1.9.1"}]}},{"product_name":"Spectrum Protect for Space Management (AIX)","version":{"version_data":[{"version_value":"8.1.9.0"},{"version_value":"8.1.9.1"}]}},{"product_name":"Spectrum Protect Client (AIX)","version":{"version_data":[{"version_value":"8.1.9.0"},{"version_value":"8.1.9.1"}]}},{"product_name":"Spectrum Protect Client (Linux and Windows)","version":{"version_data":[{"version_value":"8.1.7.0"},{"version_value":"8.1.9.1"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019."}]},"impact":{"cvssv3":{"BM":{"A":"N","AC":"L","AV":"N","C":"H","I":"N","PR":"N","S":"U","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/6221448","refsource":"CONFIRM","title":"IBM Security Bulletin 6221448 (Spectrum Protect Client (Linux and Windows))","url":"https://www.ibm.com/support/pages/node/6221448"},{"name":"ibm-spectrum-cve20204494-info-disc (182019)","refsource":"XF","title":"X-Force Vulnerability Report","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/182019"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T08:07:48.819Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.ibm.com/support/pages/node/6221448"},{"name":"ibm-spectrum-cve20204494-info-disc (182019)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/182019"}]}]},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2020-4494","datePublished":"2020-06-15T13:25:27.712Z","dateReserved":"2019-12-30T00:00:00.000Z","dateUpdated":"2024-09-17T02:41:34.476Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}