A vulnerability was found in IBM Spectrum Protect Backup Software. It has rated as problematic. Affected by this issue is an unknown code block of the component Container Pool Handler.
The manipulation with an unknown input leads to a weak encryption vulnerability. Using CWE to declare the problem leads to CWE-311 . Impacted is confidentiality.
The weakness was shared 08/28/2020. The advisory is shared for download at ibm.com .
This vulnerability is handled as CVE-2020-4591 since 12/30/2019. The exploitation is known to be difficult. The attack needs to be approached locally.
The requirement for exploitation is a simple authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 08/29/2020 ). It is expected to see the exploit prices for this product increasing in the near future.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
It is expected to see the exploit prices for this product increasing in the near future.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.