File Permission Vulnerability in IBM Spectrum Protect Backup-Archive Client and Virtual Environments
CVE-2018-2025

5.1MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Protect Backup-archive Client; Spectrum Protect For Virtual Environments
Vendor: CVE Published:; 22 November 2019

What is CVE-2018-2025?

A vulnerability exists in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments, where directories and files in the CIT subdirectory are configured with read/write permissions accessible to all users. This misconfiguration can lead to unauthorized modification or deletion of data, potentially compromising the integrity and availability of backup files.

Affected Version(s)

Spectrum Protect Backup-Archive Client 7.1.0.0

Spectrum Protect Backup-Archive Client 8.1.0.0

Spectrum Protect Backup-Archive Client 8.1.8.0

References

https://www.ibm.com/support/pages/node/1107261

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/155551

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2019
Vulnerability Reserved
Dec 13, 2017