CVE-2020-4477
MEDIUMIBM Spectrum Protect Plus 10.1.0-10.1.5 - Sensitive Information Disclosure in Virgo Log File
Title source: llmDescription
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6221388
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/181779
Scores
CVSS v3
6.5
EPSS
0.0094
EPSS Percentile
56.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
ibm/spectrum_protect_plus
10.1.0 - 10.1.5
Published
Jun 15, 2020
Tracked Since
Feb 18, 2026