PT-2021-13991 · Ibm · Ibm Spectrum Protect Server

Published

2021-04-16

Updated

2021-04-21

CVE-2021-20491

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Server versions 7.1 through 8.1

Description: The issue is caused by improper bounds checking during the parsing of commands, leading to a stack-based buffer overflow. An authorized administrator could overflow a buffer and cause the server to crash by issuing a command with an improper parameter.

Recommendations: For IBM Spectrum Protect Server versions 7.1 through 8.1, consider restricting access to authorized administrators and limiting the use of commands that could trigger the buffer overflow until a fix is available. As a temporary workaround, carefully review and validate all command parameters to prevent improper input.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-20491

Affected Products

Ibm Spectrum Protect Server

PT-2021-13991 · Ibm · Ibm Spectrum Protect Server

CVE-2021-20491

Weakness Enumeration

Related Identifiers

Affected Products

References · 4