CVSS3: 8.4 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low (Percentile: 13.4%)
IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments (Data Protection for VMware and Data Protection for Hyper-V) can be affected by a DLL hijacking flaw (CVE-2023-35897). The flaw can lead to arbitrary code execution, as described in the “Vulnerability Details” section. This issue affects the specified products running on Microsoft Windows. Other platforms are not affected.
CVEID: CVE-2023-35897
**DESCRIPTION:** IBM Spectrum Protect Client could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259246 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Protect Client | 8.1.0.0 - 8.1.19.0 |
IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V | 8.1.0.0 - 8.1.19.0 |
IBM Storage Protect for Virtual Environments: Data Protection for VMware | 8.1.0.0 - 8.1.19.0 |
IBM strongly recommends addressing the vulnerability now by upgrading.
**Product** | Fixing level | Platforms | Link to fix and instructions |
---|---|---|---|
IBM Storage Protect Backup-Archive Client | 8.1.20.0 | Windows | <https://www.ibm.com/support/pages/node/7015829> |
IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V | 8.1.20.0 | Windows | <https://www.ibm.com/support/pages/node/7015823> |
IBM Storage Protect for Virtual Environments: Data Protection for VMware | 8.1.20.0 | Windows | <https://www.ibm.com/support/pages/node/7015823> |
None
CPE

Name | Operator | Version |
---|---|---|
ibm storage protect | eq | 8.1 |
ibm storage protect for virtual environments | eq | 8.1 |