High Severity

Security Bulletin: Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plus

Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner, such as denial of service, elevation of privileges, buffer overflow, directory traversal, information disclosure, and bypassing of security restrictions, may affect IBM Spectrum Protect Plus.

28 January 2022: CVE-2020-8492 for Python is fixed in 10.1.9 or higher.

CVE(s): CVE-2020-8492, CVE-2020-14323, CVE-2020-15436, CVE-2021-3156, CVE-2021-3139, CVE-2020-35513, CVE-2020-35508, Third Party Entry: 189303

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Spectrum Protect Plus 10.1.0-10.1.7

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6445699
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/175462
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190934
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192171
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195658
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194936
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195545
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198870
