Lucene search

IBM0FE32D5711E9513FBF782B65D4595B2F11C2837EF58F2A3F6F32726210DF79CC

HistoryJul 13, 2023 - 2:38 p.m.

Security Bulletin: A vulnerability in IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management can lead to denial of service (CVE-2023-33832)

2023-07-1314:38:32

www.ibm.com

ibm spectrum protect

denial of service

ibm storage protect

vulnerability

ibm

space management

virtual environments

cve-2023-33832

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments (Data Protection for Hyper-V and Data Protection for VMware), and IBM Storage Protect for Space Management can be affected by a vulnerability that leads to denial of service. The vulnerability is described by the CVE in the “Vulnerability Details” section.

Vulnerability Details

CVEID:CVE-2023-33832
**DESCRIPTION:**IBM Spectrum Protect could allow a local user to cause a denial of service due to due to imprope time-of-check to time-of-use functionality.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256012 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Storage Protect Client	8.1.0.0 - 8.1.17.0
IBM Storage Protect for Virtual Environments	8.1.0.0 - 8.1.17.0
IBM Storage Protect for Space Management	8.1.0.0 - 8.1.17.0

Remediation/Fixes

Product	Fixing level	Platforms	Link to fix and instructions
IBM Storage Protect Backup-Archive Client

8.1.17.2

| AIX
HP-UX
Linux
Macintosh
Solaris
Windows|

<https://www.ibm.com/support/pages/node/6832422>

IBM Storage Protect Backup-Archive Client|

8.1.19.0

| AIX
HP-UX
Linux
Macintosh
Solaris
Windows|

<https://www.ibm.com/support/pages/node/6989101>

IBM Storage Protect for Space Management|

8.1.17.2

AIX

Linux

<https://www.ibm.com/support/pages/node/6833196>

IBM Storage Protect for Space Management|

8.1.19.0

| AIX
Linux|

<https://www.ibm.com/support/pages/node/6989089>

IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V|

8.1.17.2

| Windows|

<https://www.ibm.com/support/pages/node/6827869>

IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V|

8.1.19.0

| Windows|

<https://www.ibm.com/support/pages/node/6989083>

IBM Storage Protect for Virtual Environments: Data Protection for VMware|

8.1.17.2

| Linux
Windows|

<https://www.ibm.com/support/pages/node/6827869>

IBM Storage Protect for Virtual Environments: Data Protection for VMware|

8.1.19.0

| Linux
Windows|

<https://www.ibm.com/support/pages/node/6989083>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmspectrum_protect_for_space_managementMatch8.1.

ibmspectrum_protect_for_virtual_environmentsMatch8.1.

ibmstorage_protectMatch8.1.

CPENameOperatorVersion
ibm storage protect for space managementeq8.1.
ibm storage protect for virtual environmentseq8.1.
ibm storage protecteq8.1.

Name	Operator	Version
ibm storage protect for space management	eq	8.1.
ibm storage protect for virtual environments	eq	8.1.
ibm storage protect	eq	8.1.

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for 0FE32D5711E9513FBF782B65D4595B2F11C2837EF58F2A3F6F32726210DF79CC