CVE-2020-4497 MEDIUM

CVE-2020-4497: IBM Spectrum Protect Plus information disclosure

Vendor Ibm
Product Spectrum Protect Plus
Weakness CWE-319 · Cleartext transmission
Published December 14, 2022
Last update April 17, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

Key dates

02Disclosure timeline

December 14, 2022 CVE published
April 17, 2025 Record updated