Insufficiently protected credentials in IBM Spectrum Protect Plus - CVE-2023-27863

 

Insufficiently protected credentials in IBM Spectrum Protect Plus - CVE-2023-27863

Published: March 23, 2023


Vulnerability identifier: #VU73998
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-27863
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Spectrum Protect Plus

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to IBM Spectrum Protect Plus for Db2 and Oracle with transport encryption enabled can expose SMB credentials to access vSnap data stores. A remote privileged user can obtain SMB credentials that may be used to access vSnap data stores.


How to mitigate CVE-2023-27863

Install updates from vendor's website.

Sources