IBM Spectrum Protect Plus Security Open to RCE

2020-09-15 19:08

IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue's security tool found under the umbrella of its Spectrum data storage software branding.

IBM Spectrum Protect Plus is a data-protection solution that provides near-instant recovery, replication, reuse and self-service for virtual machines.

The vulnerabilities affect versions 10.1.0 through 10.1.6 of IBM Spectrum Protect Plus.

The more serious of the two flaws exists in IBM Spectrum Protect Plus' Administrative Console and could allow an authenticated attacker to upload arbitrary files - which could then be used to execute arbitrary code on the vulnerable server, according to researchers with Tenable, who discovered the flaws, in a Monday advisory.

In April, four serious security vulnerabilities in the IBM Data Risk Manager were identified that can lead to unauthenticated remote code execution as root in vulnerable versions, according to analysis - and a proof-of-concept exploit is available.

News URL

https://threatpost.com/ibm-flaws-spectrum-protect-plus/159268/

#IBM #RCE #security

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
IBM		1276	1496	3791	870	473	6630

News URL

Related news

Related vendor