CVE Vulnerability

CVE-2019-4385

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2 / Impact : 4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
http://www.ibm.com/support/docview.wss?uid=ibm10886099 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/162173 VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/108899 Broken Link Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*
Information

Published : 2019-06-19 02:15

Updated : 2023-01-30 04:51

NVD link : CVE-2019-4385

Mitre link : CVE-2019-4385

Products Affected

Ibm

Spectrum Protect Plus

CWE
CWE-522