IBM Spectrum Protect Backup-Archive Client privilege escalation
CVE-2023-28956

8.4HIGH

Key Information:

Vendor: IBM
Status: Spectrum Protect Backup-archive Client
Vendor: CVE Published:; 22 June 2023

What is CVE-2023-28956?

A local privilege escalation vulnerability exists in the IBM Spectrum Protect Backup-Archive Client versions 8.1.0.0 through 8.1.17.2. This issue stems from improper access controls that could potentially be exploited by a local user to escalate their privileges within the system. Organizations using affected versions are advised to apply necessary patches and updates to mitigate this risk.

Affected Version(s)

Spectrum Protect Backup-Archive Client 8.1.0.0 <= 8.1.17.2

References

https://www.ibm.com/support/pages/node/7005519

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
Mar 29, 2023