CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
43.5%
IBM Spectrum Protect Plus does not encrypt data transfer between vSnap servers and application agents. This could allow an attacker to view senstive information in transit.
CVEID:CVE-2020-4497
**DESCRIPTION:**IBM Spectrum Protect Plus discloses sensitive information due to unencryhpted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182106 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Plus | 10.1.0-10.1.12 |
IBM Spectrum Protect Plus 10.1.13 introduces Transport Encryption feature. With transport encryption, you can protect the data transport between application host and vSnap during backup and restore. Transport encryption feature ensures security to each data path of data between the application host and the vSnap by encrypting and decrypting the data. For more information about Transport Encryption, see <https://www.ibm.com/docs/en/SSNQFQ_10.1.13/spp/r_spp_vSnap_transportencryption.html>
**IBM Spectrum Protect
Plus **Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
---|---|---|---|
10.1.0-10.1.12 | 10.1.13 | Linux |
https://www.ibm.com/support/pages/node/6827871
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | spectrum_protect_plus | 10.1 | cpe:2.3:a:ibm:spectrum_protect_plus:10.1:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
43.5%