CVE-2019-4385

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

Published: Jun 19, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-4385
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / spectrum_protect_plus	10.1.2.219	10.1.2.303.x

http://www.ibm.com/support/docview.wss?uid=ibm10886099
http://www.securityfocus.com/bid/108899
https://exchange.xforce.ibmcloud.com/vulnerabilities/162173

Vulnerability Database

289,697

CVE-2019-4385