{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T17:44:00.908","vulnerabilities":[{"cve":{"id":"CVE-2020-4954","sourceIdentifier":"psirt@us.ibm.com","published":"2021-02-15T15:15:13.493","lastModified":"2024-11-21T05:33:28.353","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153."},{"lang":"es","value":"IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, podrían permitir a un atacante remoto omitir unas restricciones de autenticación, causadas por una comprobación inapropiada de la sesión. Al usar el panel de configuración para obtener una sesión válida usando un servidor IBM Spectrum Protect controlado por un atacante, un atacante podría explotar esta vulnerabilidad para omitir la autenticación y conseguir acceso a un número limitado de funciones de depuración, como los niveles de registro. IBM X-Force ID: 192153"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV30":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:N","baseScore":4.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.0.000","versionEndExcluding":"7.1.13.000","matchCriteriaId":"BDA5A26F-E555-4401-8A74-C693D96BE215"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.000","versionEndExcluding":"8.1.10.200","matchCriteriaId":"74404BEF-3CD4-4731-A9E2-4A4A913B82ED"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/192153","source":"psirt@us.ibm.com","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/6404966","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/192153","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/6404966","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}