CVE-2020-5018
First published: Thu Jan 07 2021(Updated: )
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | <=10.1.0-10.1.6 | |
| IBM Spectrum Protect Plus | >=10.1.0<10.1.7 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-5018.
What is the severity level of CVE-2020-5018?
The severity level of CVE-2020-5018 is high, with a severity value of 7.5.
What is the affected software for this vulnerability?
The affected software for this vulnerability is IBM Spectrum Protect Plus version 10.1.0 through 10.1.6.
What is the risk associated with this vulnerability?
The risk associated with this vulnerability is the potential exposure of sensitive information in URLs, which can be captured by an attacker.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update IBM Spectrum Protect Plus to version 10.1.7 or higher.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- agent/remedy
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0
- vendor/linux
- canonical/linux linux kernel
- version/ibm spectrum protect plus/10.1.0-10.1.6