// For flags

CVE-2020-4497

IBM Spectrum Protect Plus information disclosure

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

IBM Spectrum Protect Plus 10.1.0 a 10.1.12 divulga información confidencial debido al uso de datos no cifrados en el flujo de comunicación entre Spectrum Protect Plus vSnap y sus agentes. Un atacante podría obtener información utilizando técnicas principales en el medio. ID de IBM X-Force: 182106.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-30 CVE Reserved
  • 2022-12-14 CVE Published
  • 2024-07-06 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
 Spectrum Protect Plus
Search vendor "Ibm" for product "Spectrum Protect Plus"
 >= 10.1.0 < 10.1.13
Search vendor "Ibm" for product "Spectrum Protect Plus" and version " >= 10.1.0 < 10.1.13"
-
Affected