CVE-2021-20432

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Plus versions 10.1.0 through 10.1.7

Description: The issue allows an attacker to perform privileged actions and retrieve sensitive information due to the use of Cross-Origin Resource Sharing (CORS) without limiting the domain name to trusted domains.

Recommendations: For IBM Spectrum Protect Plus versions 10.1.0 through 10.1.7, restrict access to trusted domains to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.