CVE-2020-4854

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6

Description The issue concerns hard-coded credentials, such as a password or cryptographic key, used by IBM Spectrum Protect Plus for inbound authentication, outbound communication to external components, or encryption of internal data.

Recommendations For versions 10.1.0 through 10.1.6, update to a version that does not contain hard-coded credentials to resolve the issue. As a temporary workaround, consider restricting access to components that use these hard-coded credentials until a patch is available.