{"api_version":"1","generated_at":"2026-04-23T01:31:27+00:00","cve":"CVE-2020-4494","urls":{"html":"https://cve.report/CVE-2020-4494","api":"https://cve.report/api/cve/CVE-2020-4494.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-4494","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-4494"},"summary":{"title":"CVE-2020-4494","description":"IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2020-06-15 14:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/182019","name":"ibm-spectrum-cve20204494-info-disc (182019)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.ibm.com/support/pages/node/6221448","name":"https://www.ibm.com/support/pages/node/6221448","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Bulletin:  IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management web user interface vulnerable to authentication bypass and clickjacking (CVE-2020-4494, CVE-2020-4406)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-4494","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-4494","name":"NVD vulnerability 
detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"4494","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"aix","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4494","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"aix","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4494","vulnerable":"1","versionEndIncluding":"8.1.9.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_protect_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4494","vulnerable":"1","versionEndIncluding":"8.1.9.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_protect_for_space_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4494","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4494","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4494","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4494","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","
cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_format":"MITRE","impact":{"cvssv3":{"TM":{"RL":"O","RC":"C","E":"U"},"BM":{"I":"N","A":"N","SCORE":"7.500","S":"U","UI":"N","C":"H","AC":"L","PR":"N","AV":"N"}}},"data_type":"CVE","data_version":"4.0","CVE_data_meta":{"STATE":"PUBLIC","DATE_PUBLIC":"2020-06-12T00:00:00","ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2020-4494"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"version":{"version_data":[{"version_value":"8.1.7.0"},{"version_value":"8.1.9.1"}]},"product_name":"Spectrum Protect for Space Management (Linux)"},{"version":{"version_data":[{"version_value":"8.1.9.0"},{"version_value":"8.1.9.1"}]},"product_name":"Spectrum Protect for Space Management (AIX)"},{"product_name":"Spectrum Protect Client (AIX)","version":{"version_data":[{"version_value":"8.1.9.0"},{"version_value":"8.1.9.1"}]}},{"product_name":"Spectrum Protect Client (Linux and Windows)","version":{"version_data":[{"version_value":"8.1.7.0"},{"version_value":"8.1.9.1"}]}}]}}]}},"references":{"reference_data":[{"title":"IBM Security Bulletin 6221448 (Spectrum Protect Client (Linux and Windows))","name":"https://www.ibm.com/support/pages/node/6221448","url":"https://www.ibm.com/support/pages/node/6221448","refsource":"CONFIRM"},{"title":"X-Force Vulnerability Report","refsource":"XF","name":"ibm-spectrum-cve20204494-info-disc (182019)","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/182019"}]},"description":{"description_data":[{"value":"IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 
(Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.","lang":"eng"}]}},"nvd":{"publishedDate":"2020-06-15 14:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.7.0","versionEndIncluding":"8.1.9.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.9.0","versionEndIncluding":"8.1.9.1","cpe_name
":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.7.0","versionEndIncluding":"8.1.9.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.9.0","versionEndIncluding":"8.1.9.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"4494","Ordinal":"164522","Title":"CVE-2020-4494","CVE":"CVE-2020-4494","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"4494","Ordinal":"1","NoteData":"IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"4494","Ordinal":"2","NoteData":"2020-06-15","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"4494","Ordinal":"3","NoteData":"2020-06-15","Type":"Other","Title":"Modified"}]}}}