Vulnerabilities > CVE-2023-28956 - Incorrect Privilege Assignment vulnerability in IBM Spectrum Protect Backup-Archive Client

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

ibm

CWE-266

NVD

Published: 2023-06-22

Updated: 2024-09-27

Summary

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Spectrum Protect Backup Archive Client 8.1.0.0 IBM Spectrum Protect Backup Archive Client 8.1.6 IBM Spectrum Protect Backup Archive Client 8.1.6.1 IBM Spectrum Protect Backup Archive Client 8.1.7.1 IBM Spectrum Protect Backup Archive Client 8.1.8.0 IBM Spectrum Protect Backup Archive Client 8.1.9.0 IBM Spectrum Protect Backup Archive Client 8.1.11.0 IBM Spectrum Protect Backup Archive Client 8.1.12 IBM Spectrum Protect Backup Archive Client 8.1.17.2	9
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-266 - Incorrect Privilege Assignment

References

https://www.ibm.com/support/pages/node/7005519