CVE-2020-4406 MEDIUM

CVE-2020-4406

Vendor Ibm
Product Spectrum Protect Client (Linux and Windows)
Published June 15, 2020
Last update September 17, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/C:L/PR:L/AC:L/UI:R/S:C/A:N/I:L/E:U/RC:C/RL:O

What the vulnerability does

01Description

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.

Key dates

02Disclosure timeline

June 15, 2020 CVE published
September 17, 2024 Record updated