CVE-2019-4703 — IBM Spectrum Protect Plus vulnerability

3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 66.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Protect Plus

Timeline

PublishedFeb 24

Latest updateMay 24

Description

IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/spectrum_protect_plus10.1.0 — 10.1.5

▶CVEListV5ibm/spectrum_protect_plus10.1.0, 10.1.5+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-jqg2-qc32-f57h: IBM Spectrum Protect Plus 10↗2022-05-24

▶

CVEList

CVE-2019-4703: IBM Spectrum Protect Plus 10↗2020-02-24

▶