CVE-2020-4783

Published: Nov 23, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.

Affected (1)

Products: Ibm: Spectrum Protect Plus

1 product

Spectrum Protect Plus

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Spectrum Protect Plus	From 10.1.0 to 10.1.6

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/189214

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6368601

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/189214

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6368601

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.