IBM.Spectrum.Protect.Plus.username.Remote.Code.Execution
Description
This indicates an attack attempt to exploit an Remote Code Execution Error Vulnerability in IBM Spectrum Protect Plus.
The vulnerability is due to a lack of input validation in the Administrative Console service when parsing a parameter. A remote authenticated attacker could exploit this vulnerability by sending a specially crafted request to a target system. Successful exploitation could lead to arbitrary code execution in the context of the root user.
Affected Products
IBM Spectrum Protect Plus 10.1.0
IBM Spectrum Protect Plus 10.1.5
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.ibm.com/support/pages/node/3178863
Version Updates
Date | Version | Detail |
---|---|---|
2022-08-15 | 0.00326 |