Detections
Analytics

IBM Spectrum Protect 8.1.x < 8.1.10.100 Information Disclosure

low Nessus Plugin ID 140200

Language:

Synopsis

The backup service installed on the remote host is affected by an information disclosure vulnerability.

Description

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 8.1.x < 8.1.10.100. It is, therefore, affected by an information disclosure vulnerability in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to IBM Spectrum Protect 8.1.10.100 or later.

See Also

https://exchange.xforce.ibmcloud.com/vulnerabilities/184746

https://www.ibm.com/support/pages/node/6323469

https://www.ibm.com/support/pages/node/6323765

Plugin Details

Severity: Low

ID: 140200

File Name: ibm_spectrum_protect_cve-2020-4591.nasl

Version: 1.4

Type: combined

Family: General

Published: 9/3/2020

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-4591

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager, x-cpe:/a:ibm:spectrum_protect

Exploit Ease: No known exploits are available

Patch Publication Date: 8/27/2020

Vulnerability Publication Date: 9/1/2020

Reference Information

CVE: CVE-2020-4591

IAVB: 2020-B-0052