CVE-2020-4216

Description

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066.

CVSS breakdown

CVSS 3.0

Integrity

None

Availability

None

Scope

Unchanged

User Interaction

None

Confidentiality

High

Attack Complexity

Low

Privileges Required

None

Attack Vector

Network

Changed

Unchanged

Affected products

ibm / Spectrum Protect Plus10.1.0 – 10.1.0
ibm / Spectrum Protect Plus10.1.5 – 10.1.5

References

MISChttps://www.ibm.com/support/pages/node/6221332
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/175066
VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-20-710/