Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM01E41ABCDC019E5058A6A932FD2E283DA1D72D7CED70C28191411A6C7F270FF5
HistoryDec 10, 2021 - 4:37 p.m.

Security Bulletin: Stack-based Buffer Overflow vulnerability in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Space Management (CVE-2021-39048)

2021-12-1016:37:13
www.ibm.com
7

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.7%

JSON

Summary

IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Space Management are vulnerable to a stack-based buffer overflow caused by improper bounds checking.

Vulnerability Details

CVEID:CVE-2021-39048
**DESCRIPTION:**IBM Spectrum Protect Client is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214438 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Protect Backup-Archive Client 8.1.0.0-8.1.12.0 on AIX, Linux, and Solaris platforms
7.1.0.0-7.1.8.10 on AIX, Linux, Solaris, and HP-UX platforms
IBM Spectrum Protect for Space Management 8.1.0.0-8.1.12.0 on AIX and Linux platforms
7.1.0.0-7.1.8.10 on AIX and Linux platforms

Remediation/Fixes

IBM Spectrum Protect
Backup-Archive Client Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.13| AIX
Linux
Solaris| <https://www.ibm.com/support/pages/node/6524938&gt;
7.1| 7.1.8.11| AIX
HP-UX
Linux
Solaris| <https://www.ibm.com/support/pages/node/316619&gt;

IBM Spectrum Protect for
Space Management Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.13| AIX
Linux| <https://www.ibm.com/support/pages/node/6488915&gt;
7.1| 7.1.8.11| AIX
Linux| <https://www.ibm.com/support/pages/node/316075&gt;

Workarounds and Mitigations

None

Related

cnvd 1
prion 1
cve 1
gentoo 1
nessus 1
cnvd
cnvd
IBM Spectrum Protect Client Buffer Overflow Vulnerability (CNVD-2021-103663)
2021-12-17 00:00:00
prion
prion
Stack overflow
2021-12-13 19:15:00
cve
cve
CVE-2021-39048
2021-12-13 19:15:00
gentoo
gentoo
IBM Spectrum Protect: Multiple Vulnerabilities
2022-09-07 00:00:00
nessus
nessus
GLSA-202209-02 : IBM Spectrum Protect: Multiple Vulnerabilities
2022-09-07 00:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for 01E41ABCDC019E5058A6A932FD2E283DA1D72D7CED70C28191411A6C7F270FF5
cnvd1prion1cve1gentoo1nessus1