CVE-2020-4631

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6

Description The issue concerns access permissions to agent files in non-default configurations on Windows, where these files are assigned full control permissions to everyone. This could allow a local user to interrupt service operations.

Recommendations For IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6, consider restricting access to the agent files to prevent unauthorized modifications and interruptions to service operations. As a temporary workaround, review and adjust the file permissions to ensure they are not accessible to everyone, limiting access to only necessary users or groups.