IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments may allow a local user to escalate their privileges. UPDATED: 14 June 2021 - Added 7.1 fix for IBM Spectrum Protect for Virtual Environments: Data Protection for VMware.
CVEID:CVE-2021-20532
**DESCRIPTION:**IBM Spectrum Protect Client could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198811 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Backup-Archive Client | 8.1.0.0-8.1.11.0 |
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware | |
8.1.0.0-8.1.11.0 | |
7.1.0.0-7.1.8.10 |
IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V
| 8.1.0.0-8.1.11.0
IBM Spectrum Protect Backup-Archive Client
Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.12| Windows| <https://www.ibm.com/support/pages/node/6443671>
IBM Spectrum Protect for
Virtual Environments:
Data Protection for VMware Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.12| Windows| <https://www.ibm.com/support/pages/node/6415103>
7.1
| 7.1.8.11
| Windows
| <https://www.ibm.com/support/pages/node/316625>
IBM Spectrum Protect for
Virtual Environments:
Data Protection for Hyper-V Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.12| Windows
| <https://www.ibm.com/support/pages/node/6415103>
None