Description
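IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. Per the IBM security bulletin included in the related data below, the configuration in question is tracing: if tracing is enabled in Operations Center, user credentials may appear in the trace file in plain text. The bulletin lists 7.1.0.000-7.1.13.xxx as affected and 7.1.14 as the first fixing level, and advises leaving tracing off unless instructed by IBM and deleting existing trace files that are no longer needed.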
Affected Software
Related
{"id": "CVE-2021-38901", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-38901", "description": "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.", "published": "2021-12-13T19:15:00", "modified": "2021-12-15T21:50:00", "epss": [{"cve": "CVE-2021-38901", "epss": 0.00042, "percentile": 0.05691, "modified": "2023-05-23"}], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38901", "reporter": "psirt@us.ibm.com", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/209610", "https://www.ibm.com/support/pages/node/6524924"], "cvelist": ["CVE-2021-38901"], "immutableFields": [], "lastseen": "2023-05-23T15:39:33", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "cnvd", "idList": ["CNVD-2021-103665"]}, {"type": "ibm", "idList": ["4A505A2769920956A0E7DA933BDB475441D06B1738D5ED589051D4420F4C3D04"]}]}, "score": {"value": 2.3, 
"vector": "NONE"}, "backreferences": {}, "exploitation": null, "affected_software": {"major_version": [{"name": "ibm spectrum protect operations center", "version": 7}]}, "epss": [{"cve": "CVE-2021-38901", "epss": 0.00042, "percentile": 0.05655, "modified": "2023-05-03"}], "vulnersScore": 2.3}, "_state": {"dependencies": 1685073320, "score": 1684856603, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "cccbb6a57347f933493b07e5c1a8e83b"}, "cna_cvss": {"cna": "IBM Corporation", "cvss": {"3": {"vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "score": 5.1}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-200"], "affectedSoftware": [{"cpeName": "ibm:spectrum_protect_operations_center", "version": "7.1.14", "operator": "lt", "name": "ibm spectrum protect operations center"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.14:*:*:*:*:*:*:*", "versionStartIncluding": "7.1.0.000", "versionEndExcluding": "7.1.14", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610", "name": "ibm-spectrum-cve202138901-info-disc (209610)", "refsource": "XF", "tags": ["VDB Entry", "Vendor Advisory"]}, {"url": "https://www.ibm.com/support/pages/node/6524924", "name": "https://www.ibm.com/support/pages/node/6524924", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"]}], "product_info": [{"vendor": "IBM", "product": "Spectrum Protect Operations Center"}], "solutions": [], "workarounds": [], "impacts": [], "exploits": [], "problemTypes": [], "assigned": "1976-01-01T00:00:00"}
{"cnvd": [{"lastseen": "2022-11-05T07:18:11", "description": "IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control of the IBM Spectrum Protect environment. IBM Spectrum Protect Operations Center is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to to obtain highly sensitive information.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-17T00:00:00", "type": "cnvd", "title": "IBM Spectrum Protect Operations Center Information Disclosure Vulnerability (CNVD-2021-103665)", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38901"], "modified": "2021-12-31T00:00:00", "id": "CNVD-2021-103665", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-103665", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "ibm": [{"lastseen": "2023-05-23T17:59:57", "description": "## Summary\n\nIf tracing is enabled in Operations Center, user credentials may be displayed in the trace file in plain text.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-38901](<https://vulners.com/cve/CVE-2021-38901>) \n** DESCRIPTION: **IBM 
Spectrum Protect Operations Center, under special configurations, could allow a local user to obtain highly sensitive information. \nCVSS Base score: 5.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Operations Center| 7.1.0.000-7.1.13.xxx \n \n## Remediation/Fixes\n\n \n**Operations \nCenter Release**| **First Fixing** \n**VRM Level**| **Platform**| **APAR ** ** \n**| **Link to Fix** \n---|---|---|---|--- \n7.1| 7.1.14| AIX \nLinux \nWindows| \n\nIT38340\n\n| \n\n<https://www.ibm.com/support/pages/node/6518992> \n \n## Workarounds and Mitigations\n\nTo minimize exposure to this vulnerability, do not turn on tracing unless instructed to do so by IBM and delete existing trace files that are no longer needed.\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T13:45:25", "type": "ibm", "title": "Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2021-38901)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": 
"2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38901"], "modified": "2021-12-15T13:45:25", "id": "4A505A2769920956A0E7DA933BDB475441D06B1738D5ED589051D4420F4C3D04", "href": "https://www.ibm.com/support/pages/node/6524924", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "prion": [{"lastseen": "2023-08-16T06:56:30", "description": "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-13T19:15:00", "type": "prion", "title": "CVE-2021-38901", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38901"], "modified": "2021-12-15T21:50:00", "id": "PRION:CVE-2021-38901", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38901", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}]}