Main Vulnerability Database Vulnerabilities #VU73998

#VU73998 Insufficiently protected credentials in IBM Spectrum Protect Plus - CVE-2023-27863

Published: March 23, 2023

Vulnerability identifier: #VU73998

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-27863

CWE-ID: CWE-522

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM Spectrum Protect Plus

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to IBM Spectrum Protect Plus for Db2 and Oracle with transport encryption enabled can expose SMB credentials to access vSnap data stores. A remote privileged user can obtain SMB credentials that may be used to access vSnap data stores.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/6965812

#VU73998 Insufficiently protected credentials in IBM Spectrum Protect Plus - CVE-2023-27863

Description

Remediation

External links

Please verify you're human