IBM · IBM Spectrum Protect Plus · CVE-2020-4210
**Name of the Vulnerable Software and Affected Versions**
IBM Spectrum Protect Plus versions 10.1.0 through 10.1.5
**Description**
The Administrative Console Framework of IBM Spectrum Protect Plus does not neutralize special elements used in an operating system command (OS command injection). This can allow a remote attacker to execute arbitrary code on the system by sending a specially crafted HTTP command.
**Recommendations**
For versions 10.1.0 through 10.1.5, update to a version that includes the fix for this issue to prevent remote code execution.
As a temporary workaround, consider restricting access to the `changeAdministratorPassword` command to minimize the risk of exploitation.