CVE-2021-20532

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 93.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Spectrum Protect Backup-archive ClientIBM Spectrum Protect FOR Virtual Environments
Timeline
PublishedApr 26
Latest updateMay 24

Description

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDibm/spectrum_protect8.1.0.08.1.11.0
CVEListV5ibm/spectrum_protect_for_virtual_environments8.1.0.0, 8.1.11.0+1

🔴Vulnerability Details

2
GHSA
GHSA-hgpr-h782-x3x8: IBM Spectrum Protect Client 82022-05-24
CVEList
CVE-2021-20532: IBM Spectrum Protect Client 82021-04-26
CVE-2021-20532 (HIGH CVSS 7.8) | IBM Spectrum Protect Client 8.1.0.0 | cvebase.io