4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%
IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments (Data Protection for Hyper-V and Data Protection for VMware), and IBM Storage Protect for Space Management, can be affected by a vulnerability in the Administrative command line interface. The vulnerability can lead to information disclosure, as described by the CVEs in the “Vulnerability Details” section.
CVEID:CVE-2023-40368
**DESCRIPTION:**IBM Storage Protect Client could allow a privileged user to obtain sensitive information from the administrative command line client.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/263456 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Protect Client | 8.1.0.0 - 8.1.19.0 |
IBM Storage Protect for Space Management | 8.1.0.0 - 8.1.19.0 |
IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V | 8.1.0.0 - 8.1.19.0 |
IBM Storage Protect for Virtual Environments: Data Protection for VMware | 8.1.0.0 - 8.1.19.0 |
IBM strongly recommends addressing the vulnerability now by upgrading.
The affected product component has been updated to resolve the issue. A new processing option, -CREDENTIALSFILE, has been introduced. See the product documentation (“What’s new”) for more details on this change.
**Product ** | Fixing level | Platforms | Link to fix and instructions |
---|---|---|---|
IBM Storage Protect Backup-Archive Client | 8.1.20.0 | AIX | |
HP-UX | |||
Linux | |||
Macintosh | |||
Solaris | |||
Windows | <https://www.ibm.com/support/pages/node/7015829> | ||
IBM Storage Protect for Space Management | 8.1.20.0 | AIX | |
Linux | <https://www.ibm.com/support/pages/node/7015827> | ||
IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V | 8.1.20.0 | Windows | <https://www.ibm.com/support/pages/node/7015823> |
IBM Storage Protect for Virtual Environments: Data Protection for VMware | 8.1.20.0 | Linux | |
Windows | <https://www.ibm.com/support/pages/node/7015823> |
None
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%