CVE-2018-1768
First published: Wed Sep 26 2018(Updated: )
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | =10.1.0 | |
| IBM Spectrum Protect Plus | =10.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1768?
CVE-2018-1768 has a medium severity rating due to its potential to expose sensitive user credentials.
How do I fix CVE-2018-1768?
To mitigate CVE-2018-1768, it is recommended to upgrade IBM Spectrum Protect Plus to a version that does not contain this vulnerability.
Who is affected by CVE-2018-1768?
CVE-2018-1768 affects users of IBM Spectrum Protect Plus versions 10.1.0 and 10.1.1.
What impact does CVE-2018-1768 have on users?
CVE-2018-1768 may result in unauthorized disclosure of user IDs and passwords in plain text within log files.
What versions of IBM Spectrum Protect Plus are vulnerable to CVE-2018-1768?
IBM Spectrum Protect Plus versions 10.1.0 and 10.1.1 are vulnerable to CVE-2018-1768.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0
- version/ibm spectrum protect plus/10.1.1