CVE-2020-4854

Description

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.

CVSS breakdown

CVSS 3.0

User Interaction

None

Privileges Required

None

Scope

Unchanged

Integrity

High

Availability

High

Confidentiality

High

Attack Complexity

Low

Attack Vector

Network

Changed

Unchanged

Affected products

ibm / Spectrum Protect Plus10.1.0 – 10.1.0
ibm / Spectrum Protect Plus10.1.6 – 10.1.6

References

MISChttps://www.ibm.com/support/pages/node/6367823
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/190454
MISChttps://www.tenable.com/security/research/tra-2020-66