IBM Spectrum Protect Plus Server information disclosure
CVE-2023-27863

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Protect Plus Server
Vendor: CVE Published:; 12 May 2023

Summary

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.

Affected Version(s)

Spectrum Protect Plus Server 10.1.13

References

https://www.ibm.com/support/pages/node/6965812

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/249325

vdb-entry

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2023
Vulnerability Reserved
Mar 6, 2023