CVE-2020-4497 - OpenCVE

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Spectrum Protect Plus

Configuration 1 [-]

cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/182106	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6847627	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2022-12-14T21:50:35.313Z

Updated:

Reserved: 2019-12-30T00:00:00.000Z

Link: CVE-2020-4497

JSON object: View

NVD Information

Status : Modified

Published: 2022-12-14T22:15:10.340

Modified: 2023-11-07T03:23:14.463

Link: CVE-2020-4497

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2020-4497", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "requesterUserId": "b10c23db-d69c-4177-8d87-267a354894ff", "dateReserved": "2019-12-30T00:00:00.000Z", "datePublished": "2022-12-14T21:50:35.313Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Spectrum Protect Plus", "vendor": "IBM", "versions": [{"lessThan": "10.1.12", "status": "affected", "version": "10.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.</span>\n\n"}], "value": "\nIBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2022-12-14T21:50:35.313Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/6847627"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182106"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Spectrum Protect Plus information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "9906046F-FA67-4760-BF8E-D2CDDD0C98B7", "versionEndExcluding": "10.1.13", "versionStartIncluding": "10.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nIBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.\n\n"}, {"lang": "es", "value": "IBM Spectrum Protect Plus 10.1.0 a 10.1.12 divulga informaci\u00f3n confidencial debido al uso de datos no cifrados en el flujo de comunicaci\u00f3n entre Spectrum Protect Plus vSnap y sus agentes. Un atacante podr\u00eda obtener informaci\u00f3n utilizando t\u00e9cnicas principales en el medio. ID de IBM X-Force: 182106."}], "id": "CVE-2020-4497", "lastModified": "2023-11-07T03:23:14.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2022-12-14T22:15:10.340", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182106"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6847627"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}