CVE-2020-4771

Summary

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993.

Affected Software

VendorProductVersion RangeStatus
IBMSpectrum Protect Operations Center8.1affected
IBMSpectrum Protect Operations Center8.1.10affected
IBMSpectrum Protect Operations Center7.1affected
IBMSpectrum Protect Operations Center7.1.11affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References