Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBC90182ED4ECA01EAB2C28D65150121B63F4973326D90D1200FA1A74FC74BD26
HistoryJun 17, 2019 - 4:55 p.m.

Security Bulletin: Password exposure via job log in IBM Spectrum Protect Plus (CVE-2019-4385)

2019-06-1716:55:01
www.ibm.com
5

EPSS

0.001

Percentile

17.2%

JSON

Summary

IBM Spectrum Protect Plus may display the vSNAP CIFS password in the Spectrum Protect Plus job log

Vulnerability Details

CVEID: CVE-2019-4385 DESCRIPTION: IBM Spectrum Protect Plus may display the vSnap CIFS password in the IBM Spectrum Protect Plus job log. This can result in an attacker gaining access to sensitive information as well as vSnap.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162173&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

IBM Spectrum Protect Plus 10.1.2.219 through 10.1.2.303.

Remediation/Fixes

Spectrum Protect Plus Release

| First Fixing
VRM Level|APAR|Platform|_Link to Fix _
—|—|—|—|—
10.1 | 10.1.3 | IT27644 | Linux |

<https://www.ibm.com/support/docview.wss?uid=ibm10743897&gt;

Workarounds and Mitigations

None

Related

cvelist 1
prion 1
nvd 1
cve 1
cvelist
cvelist
CVE-2019-4385
2019-06-19 13:30:19
prion
prion
Information disclosure
2019-06-19 14:15:00
nvd
nvd
CVE-2019-4385
2019-06-19 14:15:11
cve
cve
CVE-2019-4385
2019-06-19 14:15:11

EPSS

0.001

Percentile

17.2%

JSON
Related for BC90182ED4ECA01EAB2C28D65150121B63F4973326D90D1200FA1A74FC74BD26
cvelist1prion1nvd1cve1