What is CVE-2020-4497?

CVE-2020-4497 is a medium-severity vulnerability in Ibm Spectrum Protect Plus, classified under Cleartext Transmission of Sensitive Information. CVSS score: 6.8/10. Published 2022-12-14.

How severe is CVE-2020-4497?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Is CVE-2020-4497 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ibm Spectrum Protect Plus

CVE-2020-4497

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using m…

EPSS: 0.001 (34.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Ibm Spectrum Protect Plus — versions 10.1.0

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-4497

References

www.ibm.com/support/pages/node/6847627 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/182106 (vdb-entry)

Frequently asked questions

What is CVE-2020-4497?: CVE-2020-4497 is a medium-severity vulnerability in Ibm Spectrum Protect Plus, classified under Cleartext Transmission of Sensitive Information. CVSS score: 6.8/10. Published 2022-12-14.
How severe is CVE-2020-4497?: Medium severity. CVSS v3 base score is 6.8 out of 10.
Is CVE-2020-4497 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.