{"api_version":"1","generated_at":"2026-05-06T23:53:17+00:00","cve":"CVE-2020-4926","urls":{"html":"https://cve.report/CVE-2020-4926","api":"https://cve.report/api/cve/CVE-2020-4926.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-4926","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-4926"},"summary":{"title":"CVE-2020-4926","description":"A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-05-24 17:15:00","updated_at":"2022-06-07 14:14:00"},"problem_types":["CWE-862"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/pages/node/6589109","name":"https://www.ibm.com/support/pages/node/6589109","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which is packaged in IBM ESS (CVE-2020-4926)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/191600","name":"ibm-spectrum-cve20204926-info-disc (191600)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6565399","name":"https://www.ibm.com/support/pages/node/6565399","refsource":"CONFIRM","tags":[],"title":"Security Bulletin:  A vulnerability has been identified in IBM Spectrum Scale where an unauthorized user can send arbitrary data to the CLI commands and daemon (CVE-2020-4926)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-4926","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-4926","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"4926","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"elastic_storage_system","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4926","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_scale","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4926","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Spectrum Scale","version":{"version_data":[{"version_value":"5.1"}]}},{"version":{"version_data":[{"version_value":"6.1"}]},"product_name":"Elastic Storage System"}]}}]}},"impact":{"cvssv3":{"BM":{"PR":"N","I":"L","AC":"H","SCORE":"5.700","S":"U","C":"H","A":"N","UI":"N","AV":"L"},"TM":{"E":"U","RL":"O","RC":"C"}}},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/6589109","title":"IBM Security Bulletin 6589109 (Elastic Storage System)","refsource":"CONFIRM","url":"https://www.ibm.com/support/pages/node/6589109"},{"title":"IBM Security Bulletin 6565399 (Spectrum Scale)","name":"https://www.ibm.com/support/pages/node/6565399","url":"https://www.ibm.com/support/pages/node/6565399","refsource":"CONFIRM"},{"name":"ibm-spectrum-cve20204926-info-disc (191600)","title":"X-Force Vulnerability Report","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/191600"}]},"data_version":"4.0","description":{"description_data":[{"value":"A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.","lang":"eng"}]},"data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"STATE":"PUBLIC","ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2020-4926","DATE_PUBLIC":"2022-05-23T00:00:00"},"problemtype":{"problemtype_data":[{"description":[{"value":"Obtain Information","lang":"eng"}]}]}},"nvd":{"publishedDate":"2022-05-24 17:15:00","lastModifiedDate":"2022-06-07 14:14:00","problem_types":["CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.3.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.3.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"4926","Ordinal":"164954","Title":"CVE-2020-4926","CVE":"CVE-2020-4926","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"4926","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}