IBM Spectrum Protect Plus information disclosure
CVE-2020-4497

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Protect Plus
Vendor: CVE Published:; 14 December 2022

Summary

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

Affected Version(s)

Spectrum Protect Plus 10.1.0 < 10.1.12

References

https://www.ibm.com/support/pages/node/6847627

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/182106

vdb-entry

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 14, 2022
Vulnerability Reserved
Dec 30, 2019