CVE-2020-4686

Published: Aug 17, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.

Affected (12)

Products: Ibm: Spectrum Virtualize, Flashsystem V5000 Firmware, Flashsystem V7200 Firmware, Flashsystem V9000 Firmware, Flashsystem V9100 Firmware, Flashsystem V9200 Firmware, San Volume Controller Firmware, Storwize V5000 Firmware, Storwize V5000e Firmware, Storwize V5100 Firmware, Storwize V7000 Firmware

Ibm

11 products

Spectrum Virtualize

Flashsystem V5000 Firmware

Flashsystem V7200 Firmware

Flashsystem V9000 Firmware

Flashsystem V9100 Firmware

Flashsystem V9200 Firmware

San Volume Controller Firmware

Storwize V5000 Firmware

Storwize V5000e Firmware

Storwize V5100 Firmware

Storwize V7000 Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Spectrum Virtualize	Version 8.3.1
Ibm Spectrum Virtualize	Version 8.3.1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Flashsystem V5000 Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Flashsystem V5000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Flashsystem V7200 Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Flashsystem V7200	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Flashsystem V9000 Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Flashsystem V9000	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Flashsystem V9100 Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Flashsystem V9100	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Flashsystem V9200 Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Flashsystem V9200	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm San Volume Controller Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm San Volume Controller	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V5000 Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Storwize V5000	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V5000e Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Storwize V5000e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V5100 Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Storwize V5100	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Storwize V7000 Firmware	Version 8.3.1

Running on/with	Platform Versions
Ibm Storwize V7000	All versions

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/186678

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6260199

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/186678

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6260199

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.