CVE-2019-4385

MEDIUM

IBM Spectrum Protect Plus 10.1.2 - Info Disclosure

Title source: llm

Description

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

References (3)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=ibm10886099

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108899

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/162173

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

ibm/spectrum_protect_plus < 10.1.2.303

Timeline

Published Jun 19, 2019

Tracked Since Feb 18, 2026