Local Information Disclosure in IBM Spectrum Protect Plus
CVE-2020-5017

2.9LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
8 January 2021

Summary

IBM Spectrum Protect Plus versions 10.1.0 to 10.1.6 are susceptible to a vulnerability that could allow local users to gain unauthorized access to sensitive information, exceeding their established roles and permissions. This exposure could lead to significant security risks, enabling a malicious user to exploit the system's inherent trust relationships.

Affected Version(s)

Spectrum Protect Plus 10.1.0

Spectrum Protect Plus 10.1.6

References

CVSS V3.1

Score:
2.9
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.