IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Spectrum_protect_operations_center | Ibm | 7.1.0.000 (including) | 7.1.13.000 (excluding) |
Spectrum_protect_operations_center | Ibm | 8.1.0.000 (including) | 8.1.10.200 (excluding) |
Such a scenario is commonly observed when: