CVE-2020-4406

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Client versions 8.1.7.0 through 8.1.9.1 IBM Spectrum Protect for Space Management versions 8.1.7.0 through 8.1.9.1

Description The web user interfaces of the affected software could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this issue to hijack the victim's click actions and possibly launch further attacks against the victim.

Recommendations For IBM Spectrum Protect Client versions 8.1.7.0 through 8.1.9.1, update to a version outside of this range to resolve the issue. For IBM Spectrum Protect for Space Management versions 8.1.7.0 through 8.1.9.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the web user interfaces of the affected software until a patch is available.