PT-2023-21381 · Ibm · Ibm Spectrum Protect Server

Published

2023-05-12

Updated

2023-05-19

CVE-2023-27863

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Plus Server version 10.1.13

Description The issue allows an elevated user to obtain SMB credentials under specific configurations, which may be used to access vSnap data stores.

Recommendations For IBM Spectrum Protect Plus Server version 10.1.13, consider restricting access to sensitive data stores and limiting user privileges to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and secure SMB credential storage and access controls.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2023-27863

Affected Products

Ibm Spectrum Protect Server

PT-2023-21381 · Ibm · Ibm Spectrum Protect Server

CVE-2023-27863

Weakness Enumeration

Related Identifiers

Affected Products

References · 6