Lucene search
IBM4A505A2769920956A0E7DA933BDB475441D06B1738D5ED589051D4420F4C3D04HistoryDec 15, 2021 - 1:45 p.m.
Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2021-38901)
2021-12-1513:45:25
www.ibm.com
8
ibm
spectrum protect
operations center
information disclosure
cve-2021-38901
vulnerability
user credentials
tracing
plain text
security bulletin
EPSS
0
Percentile
5.1%
Summary
If tracing is enabled in Operations Center, user credentials may be displayed in the trace file in plain text.
Vulnerability Details
CVEID:CVE-2021-38901
**DESCRIPTION:**IBM Spectrum Protect Operations Center, under special configurations, could allow a local user to obtain highly sensitive information.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209610 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Operations Center | 7.1.0.000-7.1.13.xxx |
Remediation/Fixes
**Operations
| Center Release** | First Fixing VRM Level | Platform | **APAR **** ** | Link to Fix |
|---|---|---|---|---|
| 7.1 | 7.1.14 | AIX | ||
| Linux | ||||
| Windows |
IT38340
|
<https://www.ibm.com/support/pages/node/6518992>
Workarounds and Mitigations
To minimize exposure to this vulnerability, do not turn on tracing unless instructed to do so by IBM and delete existing trace files that are no longer needed.
Related
cnvd
cnvd
prion
prion
Code injection
2021-12-13 19:15:00
cvelist
cvelist
CVE-2021-38901
2021-12-13 18:35:30
cve
cve
CVE-2021-38901
2021-12-13 19:15:07
nvd
nvd
CVE-2021-38901
2021-12-13 19:15:07