ID CVE-2020-5018
Summary IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:p1:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1.142:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1.142:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.209:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.209:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.219:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.219:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.247:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.247:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.271:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.271:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.303:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.303:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.350:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.2.350:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3:p1:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3.236:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3.236:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3.286:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.3.286:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.145:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.145:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.179:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.179:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.222:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.222:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.254:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.254:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.277:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.277:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5.2130:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5.2130:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5.2153:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5.2153:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5.2181:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5.2181:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5.2199:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.5.2199:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-01-2021 - 18:17)
Impact:
Exploitability:
CWE CWE-312
CAPEC
  • Retrieve Embedded Sensitive Data
    An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm https://www.ibm.com/support/pages/node/6398754
xf ibm-spectrum-cve20205018-info-disc (193654)
Last major update 13-01-2021 - 18:17
Published 08-01-2021 - 19:15
Last modified 13-01-2021 - 18:17
Back to Top