CVE-2019-4652Incorrect Default Permissions in IBM Spectrum Protect Plus

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 81.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Protect Plus
Timeline
PublishedNov 12
Latest updateMay 24

Description

IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDibm/spectrum_protect_plus10.1.010.1.4
CVEListV5ibm/spectrum_protect_plus10.1.0, 10.1.4+1

🔴Vulnerability Details

2
GHSA
GHSA-964p-hcfc-cv9h: IBM Spectrum Protect Plus 102022-05-24
CVEList
CVE-2019-4652: IBM Spectrum Protect Plus 102019-11-12
CVE-2019-4652 — Incorrect Default Permissions in IBM | cvebase