IBM Spectrum Protect Plus Security Open to RCE
IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue's security tool found under the umbrella of its Spectrum data storage software branding.
IBM Spectrum Protect Plus is a data-protection solution that provides near-instant recovery, replication, reuse and self-service for virtual machines.
The vulnerabilities affect versions 10.1.0 through 10.1.6 of IBM Spectrum Protect Plus.
The more serious of the two flaws exists in the Administrative Console of IBM Spectrum Protect Plus and could allow an authenticated attacker to upload arbitrary files, which could then be used to execute arbitrary code on the vulnerable server, according to a Monday advisory from researchers with Tenable, who discovered the flaws.
In April, four serious security vulnerabilities were identified in the IBM Data Risk Manager that can lead to unauthenticated remote code execution as root in vulnerable versions, according to analysis, and a proof-of-concept exploit is available.
News URL
https://threatpost.com/ibm-flaws-spectrum-protect-plus/159268/