Unencrypted Credential Exposure in IBM Spectrum Protect for VMware vCenter
CVE-2017-1378

7.8HIGH

Key Information:

Vendor
IBM
Status
Spectrum Protect For Virtual Environments
Vendor
CVE Published:
5 October 2017

Summary

IBM Spectrum Protect versions 7.1 and 8.1 (previously known as Tivoli Storage Manager) contain a security vulnerability that allows local users to access unencrypted login credentials intended for VMware vCenter in the application trace output. This unauthorized exposure can lead to significant security risks, as attackers can exploit this information to gain unauthorized access to sensitive systems.

Affected Version(s)

Spectrum Protect for Virtual Environments 7.1

Spectrum Protect for Virtual Environments 8.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/126875
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22006215
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.