Medium Severity
IBM Security Bulletin: Password disclosure via trace log in IBM Spectrum Protect Operations Center (CVE-2018-1769)
Feb 26, 2019 9:00 am EST
Categorized: Medium Severity
Share this post:
IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center my display the password in plain text in the trace file when tracing is turned on.
CVE(s): CVE-2018-1769
Affected product(s) and affected version(s):
The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:
- 8.1.0.000 through 8.1.6.100
- 7.1.0.000 through 7.1.9.100
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10735281
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148623
Security Bulletin: IBM OpenPages with Watson has addressed an information disclosure vulnerability (CVE-2020-4536)
May 10, 2021 8:00 pm EDT | Medium Severity
IBM OpenPages with Watson has addressed an information disclosure vulnerability caused by improper validation. ...read more
Security Bulletin: IBM OpenPages with Watson has addressed a cross-site scripting vulnerability (CVE-2020-4535)
May 10, 2021 8:00 pm EDT | Medium Severity
IBM OpenPages with Watson has addressed a cross-site scripting vulnerability caused by improper validation. ...read more
Security Bulletin: IBM Cloud Pak for Security is vulnerable to CVE-2021-20538 and CVE-2021-20577
May 7, 2021 8:00 pm EDT | Medium Severity
IBM Cloud Pak for Security versions 1.5.0.1 and earlier is vulnerable to the following CVEs: CVE-2021-20538, meaning that sensitive information can be obtained by the user without sufficient authorisation. CVE-2021-20577, allowing cross side scripting that can potentially lead to credentials disclosure. These are addressed in CP4S 1.6.0.0 and later versions ...read more