PT-2020-18152 · Ibm · Ibm Spectrum Protect Server

Published

2020-08-28

Updated

2021-07-21

CVE-2020-4591

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.10.000

Description The issue could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool.

Recommendations For versions 8.1.0.000 through 8.1.10.000, consider configuring the server to ensure all chunks of objects in encrypted container pools are encrypted to prevent sensitive information disclosure.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2020-4591

Affected Products

Ibm Spectrum Protect Server

PT-2020-18152 · Ibm · Ibm Spectrum Protect Server

CVE-2020-4591

Weakness Enumeration

Related Identifiers

Affected Products

References · 4