← Back

CVE-2019-4385

nvd nist
Published: Jun 19, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 2.0 / Impact: 4.0
Source: NVD

Description

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

Affected (1)

Ibm
1 product
Spectrum Protect Plus
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Spectrum Protect Plus
From 10.1.2.219 to 10.1.2.303

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.