Information disclosure in IBM Spectrum Protect Server

Published: 2018-11-09 13:34:53
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-1788
CVSSv3: 3.6 [CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-200
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: Spectrum Protect Server
Vulnerable software versions: Spectrum Protect Server 7.1.9, 7.1.8, 7.1.7
Vendor URL: IBM Corporation

Security Advisory

1) Information disclosure

Description

The vulnerability allows a local high-privileged attacker to obtain potentially sensitive information.

The vulnerability exists due to information exposure when tracing is enabled. A local attacker can view some passwords that are displayed in the IBM Spectrum Protect server trace file.

Remediation

The vulnerability has been fixed in versions 7.1.8.100 and 8.1.6.

External links

http://www-01.ibm.com/support/docview.wss?uid=ibm10730357
