Vulnerability Description
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Spectrum Protect Plus | >= 10.1.2.219, <= 10.1.2.303 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=ibm10886099PatchVendor Advisory
- http://www.securityfocus.com/bid/108899Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/162173VDB EntryVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=ibm10886099PatchVendor Advisory
- http://www.securityfocus.com/bid/108899Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/162173VDB EntryVendor Advisory
FAQ
What is CVE-2019-4385?
CVE-2019-4385 is a vulnerability with a CVSS score of 6.5 (MEDIUM). IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. I...
How severe is CVE-2019-4385?
CVE-2019-4385 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-4385?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Protect Plus.