exploitDog

CVE-2020-4497

Опубликовано: 14 дек. 2022

Источник: nvd

CVSS3: 6.8

CVSS3: 5.9

EPSS Низкий

Описание

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/182106
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6847627
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/182106
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6847627
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*

Версия от 10.1.0 (включая) до 10.1.13 (исключая)

EPSS

Процентиль: 35%

0.00146

Низкий

6.8 Medium

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-319

CWE-319

Связанные уязвимости

GHSA-m376-rjrp-x9hg

CVSS3: 5.9

github

около 3 лет назад

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

EPSS

Процентиль: 35%

0.00146

Низкий

6.8 Medium

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-319

CWE-319