BM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift is vulnerable to login security being bypassed which can result in gaining unauthorized access to the IBM Spectrum Protect Plus Server.
DESCRIPTION: IBM Spectrum Protect Plus Container Backup and Restore could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225340 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
Affected Products and Versions
|IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes||10.1.5-10.1.10.2|
|IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift||10.1.7-10.1.10.2|
|BM Spectrum Protect|
Plus Affected Versions
|Platform||Link to Fix and Instructions|
10.1.7-10.1.10.2 (Red Hat OpenShift)
Workarounds and Mitigations
Get Notified about Future Security Bulletins
29 June 2022: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
29 June 2022