Low Severity

Security Bulletin: Vulnerabilities in Apache Commons and Log4j affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments

Share this post:

Vulnerabilities in Apache Commons and Log4j, such as execution of arbitrary code on the system, man-in-the-middle attack, and information disclosure, could affect the IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments. UPDATED 1/29/2021: Added 7.1 fix for IBM Spectrum Protect for Virtual Environments: Data Protection for VMware UPDATED 5/8/2021: Updated Remediation/Fixes section to correct Platforms for Spectrum Protect Client 8.1 – AIX, Linux, and Windows only.

CVE(s): CVE-2019-17571, CVE-2020-9488, Third Party Entry:   177835

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Spectrum Protect Client 8.1.0.0-8.1.10.0
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware 8.1.0.0-8.1.10.0
7.1.0.0-7.1.8.9
IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V 8.1.0.0-8.1.10.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6371652
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/173314
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/180824

More stories

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-14781)

Jun 15, 2021 8:01 pm EDT | Low Severity

IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14781) ...read more


Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2020-1968)

Jun 15, 2021 8:00 pm EDT | Low Severity

IBM MQ Appliance has resolved and OpenSSL vulnerability. ...read more


Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-2773)

Jun 15, 2021 8:00 pm EDT | Low Severity

IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE. ...read more