Local User Privilege Escalation in IBM Spectrum Protect Client
CVE-2021-20532

7.4HIGH

Key Information:

Vendor: IBM
Status: Spectrum Protect For Virtual Environments
Vendor: CVE Published:; 26 April 2021

Summary

A vulnerability in IBM Spectrum Protect Client allows a local user to escalate their privileges due to insecure directory permissions. This poses a risk for unauthorized access and control over the system. Users of affected versions should urgently review their security configurations and apply necessary patches.

Affected Version(s)

Spectrum Protect for Virtual Environments 8.1.0.0

Spectrum Protect for Virtual Environments 8.1.11.0

References

https://www.ibm.com/support/pages/node/6445503

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/198811

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 26, 2021
Vulnerability Reserved
Dec 17, 2020