Description
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
User Interaction
None
Integrity
Low
Scope
Unchanged
Availability
None
Confidentiality
Low
Privileges Required
None
Attack Complexity
Low
RC
Changed
RL
O
E
Unchanged
Affected products
- ibm / Spectrum Protect Plus10.1.0 – 10.1.0
- ibm / Spectrum Protect Plus10.1.7 – 10.1.7