IBM812E60FBB10B18C49910833A34B582DD2BF9DA85F74018C34652A7BBA182F1C6Security Bulletin: Password disclosure via instrumentation log file in IBM Spectrum Protect Plus (CVE-2018-1768)
0.0004 Low
EPSS
Percentile
12.6%
Summary
IBM Spectrum Protect Plus may display the user id and password in plain text within the instrumentation log file.
Vulnerability Details
CVEID: CVE-2018-1768 DESCRIPTION: IBM Spectrum Protect Plus could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148622> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
Affected Products and Versions
IBM Spectrum Protect Plus 10.1.0 and 10.1.1.
Remediation/Fixes
IBM Spectrum Protect Plus Release
| First Fixing
VRM Level|Platform|Link to Fix / Fix Availability Target
—|—|—|—
10.1
| 10.1.2 | Linux |
<http://www.ibm.com/support/docview.wss?uid=swg24044949>
.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum protect plus | eq | 10.1.0 | |
| ibm spectrum protect plus | eq | 10.1.1 |
Related
0.0004 Low
EPSS
Percentile
12.6%