Security Bulletin: IBM Spectrum Protect Plus is vulnerable to SSRF, MITM, and CORS attacks

Summary

IBM Spectrum Protect Plus is vulnerable to Server-Side Request Forgery (SSRF), Man-in-the-Middle (MITM) attack, and Cross-Origin Resource Sharing (CORS) attack.

Vulnerability Details

CVEID:CVE-2021-39057
**DESCRIPTION:**IBM Spectrum Protect Plus is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214616 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2020-4496
**DESCRIPTION:**The IBM Spectrum Protect Plus server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2021-39063
**DESCRIPTION:**IBM Spectrum Protect Plus uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214956 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

Workarounds and Mitigations

None