IBM140DBFACAB8D70046B2AA8AED0F9DAB68F182DA3C977DEB33204005E463D13AFSecurity Bulletin: Stack-based Buffer Overflow in IBM Spectrum Protect Server (CVE-2021-20491)
0.0005 Low
EPSS
Percentile
17.2%
Summary
IBM Spectrum Protect Server is vulnerable to a stack-based buffer overflow.
Vulnerability Details
CVEID:CVE-2021-20491
**DESCRIPTION:**IBM Spectrum Protect Server is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197792 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Server | 8.1.0.000-8.1.10.100 and 8.1.11.000 |
| 7.1.0.000-7.1.12.xxx |
Remediation/Fixes
IBM Spectrum Protect Server Release|First Fixing VRM Level|
APAR
| Platform|Link to Fix
—|—|—|—|—
8.1| 8.1.10.200| IT34975
| AIX
Linux
Windows| <https://www.ibm.com/support/pages/node/6323469>
8.1
| 8.1.11.100
| IT34975
| AIX
Linux
Windows
|
<https://www.ibm.com/support/pages/node/6442973>
7.1| 7.1.13| IT34975
| AIX
HP-UX
Linux
Solaris
Windows|
<https://www.ibm.com/support/pages/node/6411459>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum protect | eq | 8.1 | |
| ibm spectrum protect | eq | 7.1 |
Related
0.0005 Low
EPSS
Percentile
17.2%