Lucene search

IbmCVELIST:CVE-2021-20536

HistoryApr 26, 2021 - 4:30 p.m.

CVE-2021-20536

2021-04-2616:30:44

ibm

www.cve.org

ibm spectrum protect plus

sensitive information

log files

local user

security vulnerability

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.

CNA Affected

[
  {
    "product": "Spectrum Protect Plus",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.6"
      },
      {
        "status": "affected",
        "version": "10.1.7"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/198836

www.ibm.com/support/pages/node/6445739

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

Related for CVELIST:CVE-2021-20536