File Permission Vulnerability in IBM Spectrum Protect Backup-Archive Client and Virtual Environments
CVE-2018-2025

5.1MEDIUM

Key Information:

Summary

A vulnerability exists in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments, where directories and files in the CIT subdirectory are configured with read/write permissions accessible to all users. This misconfiguration can lead to unauthorized modification or deletion of data, potentially compromising the integrity and availability of backup files.

Affected Version(s)

Spectrum Protect Backup-Archive Client 7.1.0.0

Spectrum Protect Backup-Archive Client 8.1.0.0

Spectrum Protect Backup-Archive Client 8.1.8.0

References

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.