IBM01E41ABCDC019E5058A6A932FD2E283DA1D72D7CED70C28191411A6C7F270FF5Security Bulletin: Stack-based Buffer Overflow vulnerability in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Space Management (CVE-2021-39048)
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Space Management are vulnerable to a stack-based buffer overflow caused by improper bounds checking.
Vulnerability Details
CVEID:CVE-2021-39048
**DESCRIPTION:**IBM Spectrum Protect Client is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214438 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Backup-Archive Client | 8.1.0.0-8.1.12.0 on AIX, Linux, and Solaris platforms |
| 7.1.0.0-7.1.8.10 on AIX, Linux, Solaris, and HP-UX platforms | |
| IBM Spectrum Protect for Space Management | 8.1.0.0-8.1.12.0 on AIX and Linux platforms |
| 7.1.0.0-7.1.8.10 on AIX and Linux platforms |
Remediation/Fixes
IBM Spectrum Protect
Backup-Archive Client Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.13| AIX
Linux
Solaris| <https://www.ibm.com/support/pages/node/6524938>
7.1| 7.1.8.11| AIX
HP-UX
Linux
Solaris| <https://www.ibm.com/support/pages/node/316619>
IBM Spectrum Protect for
Space Management Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.13| AIX
Linux| <https://www.ibm.com/support/pages/node/6488915>
7.1| 7.1.8.11| AIX
Linux| <https://www.ibm.com/support/pages/node/316075>
Workarounds and Mitigations
None
Related
0.0004 Low
EPSS
Percentile
5.1%