CVE-2020-4591

LOW

IBM Spectrum Protect Server < 8.1.10.000 - Missing Encryption

Title source: rule

Description

IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6323765

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/184746

Scores

CVSS v3 3.3

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-311

Status published

Products (1)

ibm/spectrum_protect_server 8.1.0.000 - 8.1.10.000

Published Aug 28, 2020

Tracked Since Feb 18, 2026