Lucene search

IbmCVELIST:CVE-2019-4385

HistoryJun 17, 2019 - 12:00 a.m.

CVE-2019-4385

2019-06-1700:00:00

ibm

www.cve.org

5.9 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

CNA Affected

[
  {
    "product": "Spectrum Protect Plus",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.2"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=ibm10886099

www.securityfocus.com/bid/108899

exchange.xforce.ibmcloud.com/vulnerabilities/162173

5.9 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for CVELIST:CVE-2019-4385