CVE-2017-1378

HIGH

IBM Spectrum Protect <8.1 - Info Disclosure

Title source: llm

Description

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

References (2)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg22006215

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/126875

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 10.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status draft

Affected Products (50)

ibm/tivoli_storage_manager

... and 35 more

Timeline

Published Oct 05, 2017

Tracked Since Feb 18, 2026