Local Information Disclosure in IBM Spectrum Protect Plus
CVE-2020-5017

2.9LOW

Key Information:

Vendor: IBM
Status: Spectrum Protect Plus
Vendor: CVE Published:; 8 January 2021

Summary

IBM Spectrum Protect Plus versions 10.1.0 to 10.1.6 are susceptible to a vulnerability that could allow local users to gain unauthorized access to sensitive information, exceeding their established roles and permissions. This exposure could lead to significant security risks, enabling a malicious user to exploit the system's inherent trust relationships.

Affected Version(s)

Spectrum Protect Plus 10.1.0

Spectrum Protect Plus 10.1.6

References

https://www.ibm.com/support/pages/node/6398754

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/193653

vdb-entryx_refsource_XF

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 8, 2021
Vulnerability Reserved
Dec 30, 2019