Unrated severityNVD Advisory· Published Feb 15, 2021· Updated Sep 17, 2024

CVE-2020-4956

Description

IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to denial of service via setting and dumping large cache values, exhausting memory.

Vulnerability

IBM Spectrum Protect Operations Center versions 7.1 and 8.1 contain a vulnerability in an RPC interface that allows setting arbitrary cache values and dumping them to a file. By specifying a grossly large cache value and repeatedly triggering the dump operation, an attacker can cause the system to consume all available memory, leading to a denial of service [1].

Exploitation

A remote attacker can send crafted RPC requests without requiring authentication or user interaction. The attacker sets a large cache value and then repeatedly calls the dump function to write the cached data to a file. Each dump operation consumes additional memory, eventually exhausting all resources [1].

Impact

Successful exploitation results in a denial of service (DoS) where the system becomes unresponsive due to memory exhaustion. The vulnerability does not affect data confidentiality or integrity [1].

Mitigation

IBM has released fixes for this vulnerability. For the 8.1 line, the fix is included in version 8.1.11.100. For version 7.1, IBM recommends upgrading to a supported version or contacting support for guidance. No workaround is available [1].

References

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2020-4954, CVE-2020-4955, CVE-2020-4956)

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

IBM/Spectrum Protect Operations Centerllm-fuzzy
Range: 7.1 to 8.1
IBM/Spectrum Protect Operations Centerv5
Range: 8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

exchange.xforce.ibmcloud.com/vulnerabilities/192156mitrevdb-entryx_refsource_XF
www.ibm.com/support/pages/node/6404966mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000