IBM Spectrum Protect Server is vulnerable to a stack-based buffer overflow.
CVEID:CVE-2021-20491
**DESCRIPTION:**IBM Spectrum Protect Server is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197792 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Server | 8.1.0.000-8.1.10.100 and 8.1.11.000 |
7.1.0.000-7.1.12.xxx |
IBM Spectrum Protect Server Release|First Fixing VRM Level|
APAR
| Platform|Link to Fix
—|—|—|—|—
8.1| 8.1.10.200| IT34975
| AIX
Linux
Windows| <https://www.ibm.com/support/pages/node/6323469>
8.1
| 8.1.11.100
| IT34975
| AIX
Linux
Windows
|
<https://www.ibm.com/support/pages/node/6442973>
7.1| 7.1.13| IT34975
| AIX
HP-UX
Linux
Solaris
Windows|
<https://www.ibm.com/support/pages/node/6411459>
None