Local User Denial of Service in IBM Spectrum Protect Plus
CVE-2021-20490

4MEDIUM

Key Information:

Vendor
IBM
Status
Spectrum Protect Plus
Vendor
CVE Published:
29 June 2021

Summary

The vulnerability allows a local user to exploit insecure file permission settings in IBM Spectrum Protect Plus versions 10.1.0 to 10.1.8, potentially leading to a denial of service condition. This can result in service interruption and affect the overall functionality of the product. Ensuring proper file permissions is crucial to mitigate this security risk.

Affected Version(s)

Spectrum Protect Plus 10.1.0

Spectrum Protect Plus 10.1.8

References

https://www.ibm.com/support/pages/node/6466609
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/197791
vdb-entryx_refsource_XF

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.