Lucene search

[email protected]NVD:CVE-2023-35897

HistoryOct 06, 2023 - 2:15 p.m.

CVE-2023-35897

2023-10-0614:15:11

CWE-94

CWE-427

[email protected]

web.nvd.nist.gov

ibm

spectrum protect

storage client

vulnerability

dll hijacking

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

13.4%

JSON

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.

Affected configurations

NVD

Node

ibmstorage_protectRange8.1.0.0–8.1.19.0virtual_environments\_data_protection_for_hyper-v

ibmstorage_protectRange8.1.0.0–8.1.19.0virtual_environments\_data_protection_for_vmware

ibmstorage_protect_clientRange8.1.0.0–8.1.19.0

References

exchange.xforce.ibmcloud.com/vulnerabilities/259246

www.ibm.com/support/pages/node/7037299

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

13.4%

JSON

Related for NVD:CVE-2023-35897

prion1 ibm1 cve1 cvelist1