High Severity

Security Bulletin: Vulnerabilities in Samba, OpenSSL, Python, and XStream affect IBM Spectrum Protect Plus (CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733)

Share this post:

Vulnerabilities in Samba, OpenSSL, Python, and XStream may affect IBM Spectrum Protect Plus. These vulnerabilities include bypassing security restrictions, obtaining sensitive information, denial of service, and elevation of privileges.

CVE(s): CVE-2021-20254, CVE-2021-3712, CVE-2021-43859, CVE-2022-0778, CVE-2020-25717, CVE-2021-23192, CVE-2021-3733

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Spectrum Protect Plus 10.1.0-10.1.10.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6596981
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208073
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219177
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215741
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213210
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213034

More stories

Security Bulletin: Operations Dashboard is vulnerable to remote connection exploit by Go CVE-2022-30629

August 12, 2022 | High Severity

Operations Dashboard is vulnerable to remote connection exploit by Go CVE-2022-30629 with details below ...read more


Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129

August 10, 2022 | High Severity

Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129 with details below ...read more


Security Bulletin: Multiple security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

August 10, 2022 | High Severity

IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin (CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315). ...read more