CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
AI Score Confidence | Low |
EPSS Percentile | 39.1% |
IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in urllib3, Python and Tornado. These could allow an attacker to obtain sensitive information, bypass security restrictions, bypass web application firewall protection, and conduct XSS attacks, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been addressed.
CVEID: CVE-2023-43804
**DESCRIPTION:** urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not stripped during cross-origin redirects. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268192 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2023-40217
**DESCRIPTION:** Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module. When the socket is closed before the TLS handshake is complete, the data is treated as if it had been encrypted by TLS. An attacker could exploit this vulnerability to bypass the TLS handshake and inject a malicious client certificate into the connection and gain access to the server's resources without being authenticated.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264374 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
**IBM X-Force ID:** 263690
**DESCRIPTION:** Tornado Web Server is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP Content-Length header. By sending a specially crafted HTTP(S) Content-Length header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/263690 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
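The Content-Length smuggling issue described above arises when a back end accepts header values that a front-end proxy or WAF frames differently. The following is an added example, not code from IBM, Tornado or this advisory: it contrasts Python's permissive `int()` with a strict RFC 9110 `1*DIGIT` check. The function names and sample values are constructed for illustration, and the lenient parser is an assumed stand-in for the flaw class, not the vendor's implementation.

```python
import re

# RFC 9110 section 8.6: Content-Length = 1*DIGIT (ASCII digits only).
STRICT_DIGITS = re.compile(r"[0-9]+")


def lenient_length(value):
    """Permissive parse for contrast (assumed behaviour, not Tornado's code)."""
    try:
        return int(value)  # accepts "+42", "4_2", " 42 " and Unicode digits
    except ValueError:
        return None


def strict_length(values):
    """Return the length from all Content-Length lines, or raise ValueError."""
    if not values:
        raise ValueError("no Content-Length header")
    lengths = set()
    for raw in values:
        # One field line may carry a comma-separated list, e.g. "42, 42".
        for part in raw.split(","):
            part = part.strip(" \t")
            if not STRICT_DIGITS.fullmatch(part):
                raise ValueError(f"malformed Content-Length: {raw!r}")
            lengths.add(int(part))
    if len(lengths) != 1:
        raise ValueError(f"conflicting Content-Length values: {values!r}")
    return lengths.pop()


def audit(samples):
    """Map each value to (lenient result, strict result or 'rejected')."""
    report = {}
    for value in samples:
        try:
            strict = strict_length([value])
        except ValueError:
            strict = "rejected"
        report[value] = (lenient_length(value), strict)
    return report


# Constructed sample header values, not taken from real traffic.
SAMPLES = ["42", "+42", "4_2", " 42 ", "0x2A", "42, 42", "42, 43", "４２"]

if __name__ == "__main__":
    for value, (lenient, strict) in audit(SAMPLES).items():
        print(f"{value!r:12} lenient={lenient!r:6} strict={strict!r}")
```

Values where the lenient parser returns a length but the strict one rejects are the ones two HTTP components could frame differently; rejecting them with a 400 response removes the ambiguity.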
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Plus File Systems Agent | 10.1.6 - 10.1.14 |
IBM Storage Protect Plus File Systems Agent | 10.1.15 |
IBM Storage Protect Plus Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
---|---|---|---|
10.1.6-10.1.15 | 10.1.15.3 | Windows | <https://www.ibm.com/support/pages/node/6988945> |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | storage_protect_plus | 10.1.6 | cpe:2.3:a:ibm:storage_protect_plus:10.1.6:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.7 | cpe:2.3:a:ibm:storage_protect_plus:10.1.7:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.8 | cpe:2.3:a:ibm:storage_protect_plus:10.1.8:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.9 | cpe:2.3:a:ibm:storage_protect_plus:10.1.9:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.10 | cpe:2.3:a:ibm:storage_protect_plus:10.1.10:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.11 | cpe:2.3:a:ibm:storage_protect_plus:10.1.11:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.13 | cpe:2.3:a:ibm:storage_protect_plus:10.1.13:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.14 | cpe:2.3:a:ibm:storage_protect_plus:10.1.14:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.15 | cpe:2.3:a:ibm:storage_protect_plus:10.1.15:*:*:*:*:*:*:* |
ibm | storage_protect_plus | 10.1.15.1 | cpe:2.3:a:ibm:storage_protect_plus:10.1.15.1:*:*:*:*:*:*:* |