PostgreSQL is vulnerable to a man-in-the-middle attack which can affect IBM Spectrum Protect Plus. In addition, IBM Spectrum Protect Plus is vulnerable to a Slowloris denial of service attack.
CVEID: CVE-2021-23222
**DESCRIPTION:** PostgreSQL is vulnerable to a man-in-the-middle attack, caused by improper validation of user-supplied input by libpq. A remote attacker could exploit this vulnerability to launch a man-in-the-middle attack to inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218383 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2022-22354
**DESCRIPTION:** IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management do not limit the length of a connection, which could allow a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220485 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
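The condition described for CVE-2022-22354, connections that are allowed to stay open without limit, can be watched for from the defender's side. The following is an added example, not IBM code: it flags clients holding many connections whose request header never completes. The record format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds (not from the advisory); tune to normal console traffic.
HEADER_DEADLINE_S = 10.0    # a full request header is expected within this time
MAX_STALLED_PER_SOURCE = 3  # stalled connections tolerated from one client


@dataclass
class Conn:
    src: str                          # client address
    opened_at: float                  # seconds since capture start
    headers_done_at: Optional[float]  # None: header terminator never received
    bytes_in: int                     # request bytes received so far


# Constructed sample data (documentation addresses), snapshot taken at t=120 s.
SAMPLE = (
    [Conn("192.0.2.10", float(t), None, 40 + t) for t in range(5)]  # trickling headers
    + [
        Conn("192.0.2.20", 100.0, 100.2, 512),  # normal request, header completed
        Conn("192.0.2.30", 30.0, None, 12),     # one stalled connection, under the limit
        Conn("192.0.2.40", 115.0, None, 80),    # incomplete but still inside the deadline
    ]
)


def stalled(conns, now, deadline=HEADER_DEADLINE_S):
    """Connections still waiting on a complete header after the deadline."""
    return [c for c in conns
            if c.headers_done_at is None and now - c.opened_at > deadline]


def suspect_sources(conns, now, limit=MAX_STALLED_PER_SOURCE):
    """Map each client holding more than `limit` stalled connections to its count."""
    counts = Counter(c.src for c in stalled(conns, now))
    return {src: n for src, n in counts.items() if n > limit}


if __name__ == "__main__":
    for src, n in suspect_sources(SAMPLE, now=120.0).items():
        print(f"{src}: {n} connections with no complete header after {HEADER_DEADLINE_S}s")
```

The same deadline, enforced at a reverse proxy or in the web server's header timeout, is what removes the condition rather than only reporting it.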
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Plus | 10.1.0.0-10.1.9.2 |
**IBM Spectrum Protect Plus Affected Versions** | **Fixing Level** | **Platform** | **Link to Fix and Instructions** |
---|---|---|---|
10.1.0.0-10.1.9.2 | 10.1.9.3 | Linux | <https://www.ibm.com/support/pages/node/6487159> |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect plus | eq | 10.1 |