HIGH · 8.1

CVE-2020-4686

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

Vendor | Product | Versions
IBM | Spectrum Virtualize | 8.3.1
IBM | Flashsystem V5000 Firmware | 8.3.1
IBM | Flashsystem V5000 | -
IBM | Flashsystem V7200 Firmware | 8.3.1
IBM | Flashsystem V7200 | -
IBM | Flashsystem V9000 Firmware | 8.3.1
IBM | Flashsystem V9000 | -
IBM | Flashsystem V9100 Firmware | 8.3.1
IBM | Flashsystem V9100 | -
IBM | Flashsystem V9200 Firmware | 8.3.1
IBM | Flashsystem V9200 | -
IBM | San Volume Controller Firmware | 8.3.1
IBM | San Volume Controller | -
IBM | Storwize V5000 Firmware | 8.3.1
IBM | Storwize V5000 | -
IBM | Storwize V5000E Firmware | 8.3.1
IBM | Storwize V5000E | -
IBM | Storwize V5100 Firmware | 8.3.1
IBM | Storwize V5100 | -
IBM | Storwize V7000 Firmware | 8.3.1

References

FAQ

What is CVE-2020-4686?

CVE-2020-4686 is a vulnerability with a CVSS score of 8.1 (HIGH). IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.

How severe is CVE-2020-4686?

CVE-2020-4686 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-4686?

Check the references section above for vendor advisories and patch information. Affected products include: IBM Spectrum Virtualize, IBM Flashsystem V5000 Firmware, IBM Flashsystem V5000, IBM Flashsystem V7200 Firmware, IBM Flashsystem V7200.