CVE-2019-4385Insufficiently Protected Credentials in IBM Spectrum Protect Plus

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 79.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Protect Plus
Timeline
PublishedJun 19
Latest updateMay 24

Description

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

NVDibm/spectrum_protect_plus10.1.2.21910.1.2.303
CVEListV5ibm/spectrum_protect_plus10.1.2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-59w4-5r3p-f58v: IBM Spectrum Protect Plus 102022-05-24
CVEList
CVE-2019-4385: IBM Spectrum Protect Plus 102019-06-19
CVE-2019-4385 — Insufficiently Protected Credentials | cvebase