Spectrum Protect Plus
CVE-2021-39063
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.
AnalysisAI
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-346. IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956. Affected products include: Ibm Spectrum Protect Plus. Version information: through 10.1.8..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Spectrum Protect Plus
View allIBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. R
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to ex
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to ex
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the syste
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). Rated high seve
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload a
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload a
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the t
Same weakness CWE-346 – Origin Validation Error
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today