CVE-2020-4954

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Operations Center versions 7.1 through 8.1

Description The issue is caused by improper session validation, allowing a remote attacker to bypass authentication restrictions. An attacker could exploit this by using the configuration panel to obtain a valid session using an attacker-controlled IBM Spectrum Protect server, gaining access to a limited number of debug functions, such as logging levels.

Recommendations For versions 7.1 and 8.1, consider disabling the configuration panel to prevent attackers from obtaining a valid session until a patch is available. Restrict access to debug functions, such as logging levels, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.