PT-2020-18234 · Ibm · Ibm Spectrum Protect Operations Center

Published

2020-11-23

Updated

2020-11-29

CVE-2020-4771

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Operations Center versions 7.1.0.000 through 7.1.11 IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.10

Description The issue is caused by improper authentication of a websocket endpoint, allowing a remote attacker to obtain sensitive information. An attacker could exploit this by using known tools to subscribe to the websocket event stream.

Recommendations For IBM Spectrum Protect Operations Center versions 7.1.0.000 through 7.1.11, update to a version that properly authenticates websocket endpoints. For IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.10, update to a version that properly authenticates websocket endpoints. As a temporary workaround, consider restricting access to the websocket endpoint until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-4771

Affected Products

Ibm Spectrum Protect Operations Center

PT-2020-18234 · Ibm · Ibm Spectrum Protect Operations Center

CVE-2020-4771

Weakness Enumeration

Related Identifiers

Affected Products

References · 5