Hard-coded Credentials Vulnerability in IBM Spectrum Protect Plus
CVE-2020-4854

9.8CRITICAL

Key Information:

Vendor

IBM
Status
Spectrum Protect Plus
Vendor
CVE Published:
23 November 2020

What is CVE-2020-4854?

IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6 are vulnerable due to the presence of hard-coded credentials, such as passwords or cryptographic keys. These credentials are utilized for inbound authentication, communication with external components, or data encryption. This exposure can potentially enable unauthorized access and compromise the security of sensitive internal data, highlighting a significant risk for organizations relying on this product.

Affected Version(s)

Spectrum Protect Plus 10.1.0

Spectrum Protect Plus 10.1.6

References

https://www.ibm.com/support/pages/node/6367823
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/190454
vdb-entryx_refsource_XF
https://www.tenable.com/security/research/tra-2020-66
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.