CVE-2018-1768 - OpenCVE

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Spectrum Protect Plus

Configuration 1 [-]

OR	cpe:2.3:a:ibm:spectrum_protect_plus:10.1.0:::::::*
	cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:::::::*

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=ibm10729219	Patch Vendor Advisory
http://www.securitytracker.com/id/1041715	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/148622	VDB Entry Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2018-09-24T00:00:00

Updated: 2018-09-27T09:57:01

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1768

JSON object: View

NVD Information

Status : Modified

Published: 2018-09-26T15:29:00.920

Modified: 2019-10-09T23:39:02.930

Link: CVE-2018-1768

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"containers": {"cna": {"affected": [{"product": "Spectrum Protect Plus", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.1.0"}, {"status": "affected", "version": "10.1.1"}]}], "datePublic": "2018-09-24T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 4.9, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:L/S:C/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-27T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "1041715", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041715"}, {"name": "ibm-spectrum-cve20181768-info-disc(148622)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148622"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10729219"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-09-24T00:00:00", "ID": "CVE-2018-1768", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Protect Plus", "version": {"version_data": [{"version_value": "10.1.0"}, {"version_value": "10.1.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "L", "S": "C", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "1041715", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041715"}, {"name": "ibm-spectrum-cve20181768-info-disc(148622)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148622"}, {"name": "http://www.ibm.com/support/docview.wss?uid=ibm10729219", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10729219"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1768", "datePublished": "2018-09-24T00:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2018-09-27T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "66BACE4D-D0E6-485A-86D8-02A52C1990BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4207510-3F72-4A48-9DD3-118E01FD25DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622."}, {"lang": "es", "value": "IBM Spectrum Protect Plus 10.1.0 y 10.1.1 podr\u00eda divulgar informaci\u00f3n sensible cuando un usuario autorizado ejecuta una operaci\u00f3n de prueba; el ID y la contrase\u00f1a del usuario podr\u00edan mostrarse en texto plano en un archivo de registro de instrumentaci\u00f3n. IBM X-Force ID: 148622."}], "id": "CVE-2018-1768", "lastModified": "2019-10-09T23:39:02.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2018-09-26T15:29:00.920", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10729219"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041715"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148622"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}