7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.003 Low
EPSS
Percentile
71.5%
IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management can be affected by vulnerabilities in moment, ansi-regex, Node.js, and minimatch. Vulnerabilities include denial of service attacks, obtaining sensitive information, and directory traversal, as described by the CVEs in the “Vulnerability Details” section.
CVEID:CVE-2022-29244
**DESCRIPTION:**Node.js npm module could allow a remote authenticated attacker to obtain sensitive information, caused by an issue with ignoring root-level .gitignore & .npmignore file exclusion directives when run in a workspace or with a workspace flag. By sending a specially-crafted request using npm pack or npm publish, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228303 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-3517
**DESCRIPTION:**minimatch is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the braceExpand function. By sending specially-crafted regex arguments, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2021-3807
**DESCRIPTION:**Chalk ansi-regex module for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209596 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-31129
**DESCRIPTION:**Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230690 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-24785
**DESCRIPTION:**Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafted locale string containing “dot dot” sequences (/…/) to switch arbitrary moment locale.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223451 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Client | 8.1.7.0-8.1.17.1 |
IBM Spectrum Protect for Space Management | 8.1.7.0-8.1.17.1 |
IBM Spectrum Protect Backup-Archive Client Release | Fixing Level | Platforms | Link to fix and instructions |
---|---|---|---|
8.1.7.0 - 8.1.17.1 | 8.1.17.2 | AIX | |
Linux | |||
Windows | _<https://www.ibm.com/support/pages/node/6832422> | ||
_ |
IBM Spectrum Protect for Space Management Release | Fixing Level | Platforms | Link to fix and instructions |
---|---|---|---|
8.1.7.0 - 8.1.17.1 | 8.1.17.2 | AIX | |
Linux | _<https://www.ibm.com/support/pages/node/6833196> | ||
_ |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect | eq | 8.1 | |
ibm spectrum protect for space management | eq | 8.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.003 Low
EPSS
Percentile
71.5%