CVE-2020-4477

MEDIUM

IBM Spectrum Protect Plus < 10.1.5 - Log Information Exposure

Title source: rule
STIX 2.1

Description

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6221388
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/181779

Scores

CVSS v3 6.5
EPSS 0.0024
EPSS Percentile 47.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (1)
ibm/spectrum_protect_plus 10.1.0 - 10.1.5
Published Jun 15, 2020
Tracked Since Feb 18, 2026