PT-2019-17053 · Ibm · Ibm Spectrum Protect Plus
Published
2019-06-19
·
Updated
2023-01-30
·
CVE-2019-4385
CVSS v3.1
6.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Spectrum Protect Plus version 10.1.2
Description
The issue allows an attacker to gain access to sensitive information, including the vSnap CIFS password, which is displayed in the IBM Spectrum Protect Plus Joblog. This could potentially lead to unauthorized access to vSnap.
Recommendations
For IBM Spectrum Protect Plus version 10.1.2, consider restricting access to the Joblog to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Spectrum Protect Plus