History: Apr 24, 2021 - 6:07 a.m.

Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft File Systems backup and restore (CVE-2020-25659)

2021-04-24 06:07:53
www.ibm.com

EPSS: 0.001 (Percentile: 44.7%)

Summary

Vulnerability in python-cryptography may affect IBM Spectrum Protect Plus Microsoft® File Systems backup and restore.

Vulnerability Details

**CVEID:** CVE-2020-25659
**DESCRIPTION:** python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192485 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Protect Plus Microsoft File Systems backup and restore | 10.1.6-10.1.7 |

Remediation/Fixes

| IBM Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix |
| --- | --- | --- | --- |
| 10.1 | 10.1.8 | Windows | <https://www.ibm.com/support/pages/node/6415111> |

Workarounds and Mitigations

None