Vulnerability in python-cryptography may affect IBM Spectrum Protect Plus Microsoft® File Systems backup and restore.
CVEID:CVE-2020-25659
**DESCRIPTION:**python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192485 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Plus Microsoft File Systems backup and restore | |
10.1.6-10.1.7 |
IBM Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix |
---|---|---|---|
10.1 | 10.1.8 | Windows | <https://www.ibm.com/support/pages/node/6415111> |
None