Описание
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.1.0 (включая) до 10.1.9 (исключая)
Одновременно
cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00082
Низкий
6.5 Medium
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-346
Связанные уязвимости
github
около 4 лет назад
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.
EPSS
Процентиль: 24%
0.00082
Низкий
6.5 Medium
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-346