Lucene search

IbmCVELIST:CVE-2023-35897

HistoryOct 06, 2023 - 1:06 p.m.

CVE-2023-35897 IBM Spectrum Protect code execution

2023-10-0613:06:34

CWE-94

ibm

www.cve.org

ibm

spectrum protect

code execution

vulnerability

dll hijacking

x-force id

ibm storage protect

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.4%

JSON

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Storage Protect Client",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "8.1.19.0",
        "status": "affected",
        "version": "8.1.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Storage Protect for Virtual Environments",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "8.1.19.0",
        "status": "affected",
        "version": "8.1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/259246

www.ibm.com/support/pages/node/7037299

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.4%

JSON

Related for CVELIST:CVE-2023-35897