#VU89605 Inclusion of Sensitive Information in Log Files in IBM Spectrum Virtualize - CVE-2022-43870


Vulnerability identifier: #VU89605

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-43870

CWE-ID: CWE-532

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM Spectrum Virtualize
Server applications / Virtualization software

Vendor: IBM Corporation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to IBM Spectrum Virtualize could disclose SNMPv3 server credentials to an authenticated user in log files. A local user can read the log files and gain access to sensitive data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM Spectrum Virtualize: before 8.3.1.9

External links
https://www.ibm.com/support/pages/node/6858045
https://exchange.xforce.ibmcloud.com/vulnerabilities/239540

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Inclusion of sensitive information in log files in IBM Spectrum Virtualize