CVE-2020-4956

Published: Feb 15, 2021Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.

Affected (2)

Products: Ibm: Spectrum Protect Operations Center

1 product

Spectrum Protect Operations Center

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Spectrum Protect Operations Center	From 7.1.0.000 to 7.1.13.000
Ibm Spectrum Protect Operations Center	From 8.1.0.000 to 8.1.10.200

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/192156

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6404966

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/192156

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6404966

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.