CVE-2019-4385

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
ibmCNA
5.9 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.0/I:N/C:H/S:C/AV:L/PR:N/AC:H/A:N/UI:N/RC:C/E:U/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
ibmspectrum_protect_plus
10.1.2.219 ≤
𝑥
≤ 10.1.2.303
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=ibm10886099
http://www.securityfocus.com/bid/108899
https://exchange.xforce.ibmcloud.com/vulnerabilities/162173
http://www.ibm.com/support/docview.wss?uid=ibm10886099
http://www.securityfocus.com/bid/108899
https://exchange.xforce.ibmcloud.com/vulnerabilities/162173