Lucene search
China National Vulnerability DatabaseCNVD-2023-41895HistoryMay 17, 2023 - 12:00 a.m.
IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2023-41895)
2023-05-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
ibm
spectrum protect plus
information disclosure
vulnerability
version 10.1.13
data protection
ibm spectrum protect
smb credentials
vsnap datastore
attacker
application's inadequate protection
0.001 Low
EPSS
Percentile
29.4%
IBM Spectrum Protect Plus is a suite of data protection platforms from International Business Machines (IBM). The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. An information disclosure vulnerability exists in IBM Spectrum Protect Plus Server version 10.1.13, which stems from the application’s inadequate protection of sensitive information and can be exploited by an attacker to obtain SMB credentials that can be used to access the vSnap datastore.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm ibm spectrum protect plus | eq | 10.1.13 |
Related
cvelist
cvelist
CVE-2023-27863 IBM Spectrum Protect Plus Server information disclosure
2023-05-12 18:27:59
cve
cve
CVE-2023-27863
2023-05-12 19:15:08
nvd
nvd
CVE-2023-27863
2023-05-12 19:15:08
ibm
ibm
prion
prion
Command injection
2023-05-12 19:15:00