Oct 04, 2023 - 1:00 p.m.

Security Bulletin: IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments are vulnerable to arbitrary code execution due to a DLL hijacking flaw (CVE-2023-35897)

2023-10-04 13:00:53
www.ibm.com
ibm storage protect
virtual environments
dll hijacking
arbitrary code execution
cve-2023-35897
vulnerability
upgrade
windows

CVSS3: 8.4 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 13.4%

Summary

IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments (Data Protection for VMware and Data Protection for Hyper-V) can be affected by a DLL hijacking flaw (CVE-2023-35897). The flaw can lead to arbitrary code execution, as described in the “Vulnerability Details” section. This issue affects the specified products running on Microsoft Windows. Other platforms are not affected.

Vulnerability Details

**CVEID:** CVE-2023-35897
**DESCRIPTION:** IBM Spectrum Protect Client could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259246 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Storage Protect Client | 8.1.0.0 - 8.1.19.0 |
| IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V | 8.1.0.0 - 8.1.19.0 |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware | 8.1.0.0 - 8.1.19.0 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading.

| **Product** | Fixing level | Platforms | Link to fix and instructions |
| --- | --- | --- | --- |
| IBM Storage Protect Backup-Archive Client | 8.1.20.0 | Windows | <https://www.ibm.com/support/pages/node/7015829> |
| IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V | 8.1.20.0 | Windows | <https://www.ibm.com/support/pages/node/7015823> |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware | 8.1.20.0 | Windows | <https://www.ibm.com/support/pages/node/7015823> |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm storage_protect Match 8.1
OR
ibm spectrum_protect_for_virtual_environments Match 8.1
