CVE-2019-4385
First published: Mon Jun 17 2019(Updated: )
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Storage Protect Plus | >=10.1.2.219<=10.1.2.303 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-4385?
CVE-2019-4385 has a medium severity rating due to the potential exposure of sensitive information.
How do I fix CVE-2019-4385?
To fix CVE-2019-4385, you should upgrade IBM Spectrum Protect Plus to a version beyond 10.1.2.303.
What systems are affected by CVE-2019-4385?
CVE-2019-4385 affects IBM Spectrum Protect Plus versions 10.1.2.219 to 10.1.2.303.
What are the potential impacts of CVE-2019-4385?
The potential impacts of CVE-2019-4385 include unauthorized access to sensitive data and vSnap resources.
Is CVE-2019-4385 a remote exploit?
CVE-2019-4385 is not classified as a remote exploit but poses a risk of information disclosure.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm storage protect plus
- version/ibm storage protect plus/10.1.2.219
- version/ibm storage protect plus/10.1.2.303