CVE-2019-4703

EUVD-2019-14310
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
ibmCNA
5.3 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/A:N/S:U/AV:A/I:N/UI:N/C:H/AC:H/PR:N/RL:O/E:U/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
ibmspectrum_protect_plus
10.1.0 ≤
𝑥
≤ 10.1.5
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/172013
https://www.ibm.com/support/pages/node/3177915
https://exchange.xforce.ibmcloud.com/vulnerabilities/172013
https://www.ibm.com/support/pages/node/3177915