9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
99.9%
Vulnerabilities in Apache Commons and Log4j, such as execution of arbitrary code on the system, man-in-the-middle attack, and information disclosure, could affect the IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments. UPDATED 1/29/2021: Added 7.1 fix for IBM Spectrum Protect for Virtual Environments: Data Protection for VMware UPDATED 5/8/2021: Updated Remediation/Fixes section to correct Platforms for Spectrum Protect Client 8.1 - AIX, Linux, and Windows only.
CVEID:CVE-2019-17571
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173314 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-9488
**DESCRIPTION:**Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180824 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
**Third Party Entry:**177835
**DESCRIPTION:**Apache Commons Codec information disclosure
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**Third Party Entry:**177835
**DESCRIPTION:**Apache Commons Codec information disclosure
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**Third Party Entry:**177835
**DESCRIPTION:**Apache Commons Codec information disclosure
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Client | 8.1.0.0-8.1.10.0 |
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware | 8.1.0.0-8.1.10.0 |
7.1.0.0-7.1.8.9 |
IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V| 8.1.0.0-8.1.10.0
IBM Spectrum Protect
Client Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.11| AIX
Linux
Windows| <https://www.ibm.com/support/pages/node/6367205>
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.11| Linux
Windows| <https://www.ibm.com/support/pages/node/6152475>
7.1
| 7.1.8.10
| Linux
Windows
| <https://www.ibm.com/support/pages/node/316625>
IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.11| Linux| <https://www.ibm.com/support/pages/node/6152475>
None
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
99.9%