CVE-2018-1768 - Vulnerability Details - OpenCVE

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00053.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Spectrum Protect Plus

Configuration 1 [-]

OR	cpe:2.3:a:ibm:spectrum_protect_plus:10.1.0:::::::*
	cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2018-12347	IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=ibm10729219
http://www.securitytracker.com/id/1041715
https://exchange.xforce.ibmcloud.com/vulnerabilities/148622

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00056}`	epss `{'score': 0.00055}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-09-26T15:00:00Z

Updated: 2024-09-16T17:58:18.147Z

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1768

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-26T15:29:00.920

Modified: 2024-11-21T04:00:20.023

Link: CVE-2018-1768

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Spectrum Protect Plus", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.1.0"}, {"status": "affected", "version": "10.1.1"}]}], "datePublic": "2018-09-24T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 4.9, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:L/S:C/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-27T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "1041715", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041715"}, {"name": "ibm-spectrum-cve20181768-info-disc(148622)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148622"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10729219"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-09-24T00:00:00", "ID": "CVE-2018-1768", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Protect Plus", "version": {"version_data": [{"version_value": "10.1.0"}, {"version_value": "10.1.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "L", "S": "C", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "1041715", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041715"}, {"name": "ibm-spectrum-cve20181768-info-disc(148622)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148622"}, {"name": "http://www.ibm.com/support/docview.wss?uid=ibm10729219", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10729219"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:07:44.351Z"}, "title": "CVE Program Container", "references": [{"name": "1041715", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041715"}, {"name": "ibm-spectrum-cve20181768-info-disc(148622)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148622"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10729219"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1768", "datePublished": "2018-09-26T15:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T17:58:18.147Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "66BACE4D-D0E6-485A-86D8-02A52C1990BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spectrum_protect_plus:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4207510-3F72-4A48-9DD3-118E01FD25DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622."}, {"lang": "es", "value": "IBM Spectrum Protect Plus 10.1.0 y 10.1.1 podr\u00eda divulgar informaci\u00f3n sensible cuando un usuario autorizado ejecuta una operaci\u00f3n de prueba; el ID y la contrase\u00f1a del usuario podr\u00edan mostrarse en texto plano en un archivo de registro de instrumentaci\u00f3n. IBM X-Force ID: 148622."}], "id": "CVE-2018-1768", "lastModified": "2024-11-21T04:00:20.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-26T15:29:00.920", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10729219"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041715"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10729219"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041715"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148622"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}