2 matches found
Security Bulletin: Static Credential Vulnerability in IBM Spectrum Protect Plus (CVE-2020-4854)
Summary IBM Spectrum Protect Plus contains hard-coded credentials which could allow a remote attacker to gain elevated privileges. UPDATED: 24 February 2021 - Remediation/Fixes section updated with additional vSnap requirements for upgrading to 10.1.7. UPDATED: 23 April 2021 - Added 10.1.8 fix...
CVE-2020-4854
IBM Spectrum Protect Plus versions 10.1.0–10.1.6 contain hard-coded credentials used for inbound authentication, outbound communication, or data encryption, representing a high-severity vulnerability (CVSS v3.1 score up to 9.8) with network exposure. The root cause is embedded credentials in the ...