Auth bypass in Ibm Aix
CVE-2020-4494
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could al…
Vulnerability class: Broken Authentication
EPSS: 0.022 (80.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Ibm Aix
- Ibm Spectrum_protect_client
- Ibm Spectrum Protect Client (Aix) — versions 8.1.9.0, 8.1.9.1
- Ibm Spectrum Protect Client (Linux And Windows) — versions 8.1.7.0, 8.1.9.1
- Ibm Spectrum_protect_for_space_management
- Ibm Spectrum Protect For Space Management (Aix) — versions 8.1.9.0, 8.1.9.1
- Ibm Spectrum Protect For Space Management (Linux) — versions 8.1.7.0, 8.1.9.1
- Linux Linux_kernel
- Microsoft Windows
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- psirt@us.ibm.com (VDB Entry, vdb-entry, Vendor Advisory, x_refsource_XF)
Frequently asked questions
- What is CVE-2020-4494?
- CVE-2020-4494 is a high-severity vulnerability in Ibm Aix, classified under Improper Authentication. CVSS score: 7.5/10. Published 2020-06-15.
- How severe is CVE-2020-4494?
- High severity. CVSS v3 base score is 7.5 out of 10.