Vulnerabilities in Genivia gSOAP, such as denial of service or execution of arbitrary code on the system, may affect IBM Spectrum Protect for Virtual Environments: Data Protection for VMware. UPDATED: 14 June 2021 - Added 7.1 fix for IBM Spectrum Protect for Virtual Enviornments:Data Protection for VMware and IBM Spectrum Protect Client.
CVEID:CVE-2020-13575
**DESCRIPTION:**Genivia gSOAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the WS-Addressing plugin functionality. By sending a specially-crafted SOAP request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194205 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-13578
**DESCRIPTION:**Genivia gSOAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the WS-Security plugin functionality. By sending a specially-crafted SOAP request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194209 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-13574
**DESCRIPTION:**Genivia gSOAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the WS-Security plugin functionality. By sending a specially-crafted SOAP request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194204 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-13577
**DESCRIPTION:**Genivia gSOAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the WS-Security plugin functionality. By sending a specially-crafted SOAP request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194208 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-13576
**DESCRIPTION:**Genivia gSOAP could allow a remote attacker to execute arbitrary code on the system, caused by a flaw an integer overflow to buffer overflow in the WS-Addressing plugin functionality. By sending a specially-crafted SOAP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2021-21783
**DESCRIPTION:**Genivia gSOAP could allow a remote attacker to execute arbitrary code on the system, caused by an error in the WS-Addressing plugin functionality. By sending a specially-crafted SOAP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198762 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|
IBM Spectrum Protect for Virtual Environments:
Data Protection for VMware
| 8.1.0.0-8.1.11.0
7.1.0.0-7.1.8.10
IBM Spectrum Protect Client| 7.1.0.0-7.1.8.10
IBM Spectrum Protect for
Virtual Environments:
Data Protection for VMware Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.12| Linux
Windows| <https://www.ibm.com/support/pages/node/6415103>
7.1
| 7.1.8.11
| Linux
Windows
| <https://www.ibm.com/support/pages/node/316625>
IBM Spectrum Protect
Client Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
7.1
| 7.1.8.11
| Linux
Windows| <https://www.ibm.com/support/pages/node/316619>
None