CVE-2020-4693
Description
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper data validation in IBM Spectrum Protect Operations Center before export allows unauthenticated remote code execution.
Vulnerability
IBM Spectrum Protect Operations Center versions 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 are affected by a code injection vulnerability [1]. The issue stems from improper validation of data prior to export, which can be leveraged to execute arbitrary code on the system [1].
Exploitation
An attacker can exploit this vulnerability over the network without needing any authentication or user interaction [1]. The CVSS vector indicates the attack complexity is low and no privileges are required [1]. The exact steps are not disclosed in the available references, but the vulnerability is remotely exploitable via network access.
Impact
Successful exploitation allows an attacker to execute arbitrary code on the system [1]. The CVSSv3 base score of 9.1 reflects high impact to both confidentiality and integrity, though availability is not affected [1]. The attacker can gain full control over system data and operations.
Mitigation
IBM has not yet released a fix for this vulnerability as of the initial publication date; the advisory states "Workarounds and Mitigations: None" [1]. Users are advised to monitor IBM's support page for future updates and apply patches when available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: >=7.1.0.000 <=7.1.10, >=8.1.0.000 <=8.1.9
- IBM/Spectrum Protect Operations Centerv5Range: 7.1.0.000
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- exchange.xforce.ibmcloud.com/vulnerabilities/186782mitrevdb-entryx_refsource_XF
- www.ibm.com/support/pages/node/6325341mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.