CVE-2017-1378

7.8HIGH

Key Information:

Vendor: IBM
Status: Spectrum Protect For Virtual Environments
Vendor: CVE Published:; 5 October 2017

Summary

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

Affected Version(s)

Spectrum Protect for Virtual Environments 7.1

Spectrum Protect for Virtual Environments 8.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/126875

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22006215

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2017
Vulnerability Reserved
Nov 30, 2016