History: May 22, 2023 - 11:42 p.m.

Security Bulletin: Vulnerabilities in Python may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

2023-05-22 23:42:14
www.ibm.com
ibm spectrum protect plus
python
vulnerabilities
kubernetes
openshift
denial of service
sensitive information
cve-2020-10735
remediation
linux

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8
Confidence: High

EPSS: 0.006
Percentile: 77.9%

Summary

IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift can be affected by vulnerabilities in Python. Vulnerabilities include denial of service on the system and obtaining sensitive information as described by the CVEs in the “Vulnerability Details” section.

Vulnerability Details

**CVEID:** CVE-2020-10735
**DESCRIPTION:** Python is vulnerable to a denial of service, caused by a failure to limit the number of digits when text is converted to an integer by the int() type in PyLong_FromString(). A remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235840 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
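
For Python code you operate yourself, the following added example (not part of the IBM bulletin and not IBM product code) reports whether the running interpreter carries the digit-limit mitigation for CVE-2020-10735 and bounds untrusted integer text by length before `int()` is called. The function names and the 100-digit cap are assumptions; `sys.get_int_max_str_digits()` exists only in Python builds that include the fix for this CVE.

```python
import sys

# Assumed application-level cap on untrusted decimal input (hypothetical value).
MAX_DIGITS = 100


def interpreter_limit():
    """Return the interpreter's int/str digit limit.

    None means this build has no CVE-2020-10735 mitigation at all;
    0 means the mitigation exists but has been switched off.
    """
    getter = getattr(sys, "get_int_max_str_digits", None)
    return getter() if getter else None


def audit():
    """Classify the running interpreter: 'missing', 'disabled' or 'enforced'."""
    limit = interpreter_limit()
    if limit is None:
        return "missing"
    return "disabled" if limit == 0 else "enforced"


def parse_untrusted_int(text, max_digits=MAX_DIGITS):
    """Parse a decimal integer from untrusted text.

    The length check runs before int(), so oversized input is rejected
    without any conversion work, even on an unpatched interpreter.
    """
    if not isinstance(text, str):
        raise TypeError("expected str")
    s = text.strip()
    body = s[1:] if s[:1] in ("+", "-") else s
    if not body or len(body) > max_digits:
        raise ValueError("integer text is empty or exceeds %d digits" % max_digits)
    if not (body.isascii() and body.isdigit()):
        raise ValueError("not a plain ASCII decimal integer")
    return int(s)


if __name__ == "__main__":
    print("digit-limit mitigation:", audit(), "limit =", interpreter_limit())
    print(parse_untrusted_int(" -42 "))
```

A result of `missing` or `disabled` from `audit()` means the length check in `parse_untrusted_int()` is the only bound on conversion cost for that process.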

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Protect Plus Container Agent | 10.1 |

Remediation/Fixes

| Affected Versions | Fixing Level | Platform | Link to Fix |
| --- | --- | --- | --- |
| 10.1.5 - 10.1.12 (Kubernetes); 10.1.7 - 10.1.12 (Red Hat OpenShift) | 10.1.12.4 | Linux | https://www.ibm.com/support/pages/node/6603663 |

Workarounds and Mitigations

None

Affected configurations

Node: ibm spectrum_protect_plus, Match 10.1

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | spectrum_protect_plus | 10.1 | `cpe:2.3:a:ibm:spectrum_protect_plus:10.1:*:*:*:*:*:*:*` |
