PT-2017-13095 · Vmware+1 · Vmware Vcenter+1

Published

2017-10-05

Updated

2019-10-03

CVE-2017-1378

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect versions 7.1 through 8.1

Description The issue allows a local user to obtain unencrypted login credentials to Vmware vCenter from the application trace output.

Recommendations For IBM Spectrum Protect versions 7.1 through 8.1, consider restricting access to the application trace output to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2017-1378

Affected Products

Ibm Spectrum Protect

Vmware Vcenter

PT-2017-13095 · Vmware+1 · Vmware Vcenter+1

CVE-2017-1378

Weakness Enumeration

Related Identifiers

Affected Products

References · 4