Lucene search

IbmCVELIST:CVE-2019-4385

HistoryJun 19, 2019 - 1:30 p.m.

CVE-2019-4385

2019-06-1913:30:19

ibm

www.cve.org

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

CNA Affected

[
  {
    "product": "Spectrum Protect Plus",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.2"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=ibm10886099

www.securityfocus.com/bid/108899

exchange.xforce.ibmcloud.com/vulnerabilities/162173

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

Related for CVELIST:CVE-2019-4385