IBM Spectrum Protect Plus up to 10.1.5 Log File cleartext storage

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as problematic, was found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). This affects an unknown function of the component Log File. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field06/16/2020 12:07 PM10/24/2020 06:33 PM10/24/2020 06:38 PM
vendorIBMIBMIBM
nameSpectrum Protect PlusSpectrum Protect PlusSpectrum Protect Plus
version10.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.510.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.510.1.0/10.1.1/10.1.2/10.1.3/10.1.4/10.1.5
componentLog FileLog FileLog File
risk111
cvss2_vuldb_basescore2.12.12.1
cvss2_vuldb_tempscore2.12.12.1
cvss2_vuldb_avNNN
cvss2_vuldb_acHHH
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss3_meta_basescore4.24.24.2
cvss3_meta_tempscore4.24.24.2
cvss3_vuldb_basescore3.13.13.1
cvss3_vuldb_tempscore3.13.13.1
cvss3_vuldb_avNNN
cvss3_vuldb_acHHH
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
date1592179200 (06/15/2020)1592179200 (06/15/2020)1592179200 (06/15/2020)
urlhttps://www.ibm.com/support/pages/node/6221388https://www.ibm.com/support/pages/node/6221388https://www.ibm.com/support/pages/node/6221388
price_0day$5k-$25k$5k-$25k$5k-$25k
price_trend+++
cveCVE-2020-4477CVE-2020-4477CVE-2020-4477
seealso156764 156763 156762156764 156763 156762156764 156763 156762
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
cvss3_nvd_basescore5.35.35.3
typeBackup SoftwareBackup SoftwareBackup Software
cvss3_nvd_avNNN
cvss3_nvd_acHHH
cvss3_nvd_prLLL
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iNNN
cvss3_nvd_aNNN
cve_assigned157766400015776640001577664000
cve_nvd_summaryIBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.
cwe312 (weak encryption)312 (weak encryption)312 (weak encryption)
confirm_urlhttps://www.ibm.com/support/pages/node/6221388https://www.ibm.com/support/pages/node/6221388
xforce181779181779
cve_cnaIBM Corporation

Do you need the next level of professionalism?

Upgrade your account now!