CVE-2017-1378

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 89.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Spectrum Protect FOR Virtual EnvironmentsIBM Tivoli Storage Manager
Timeline
PublishedOct 5
Latest updateMay 13

Description

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/tivoli_storage_manager62 versions+61

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-hjv3-4g7h-7cm9: IBM Spectrum Protect 72022-05-13
CVEList
CVE-2017-1378: IBM Spectrum Protect 72017-10-05
CVE-2017-1378 (HIGH CVSS 7.8) | IBM Spectrum Protect 7.1 and 8.1 (f | cvebase.io