CVE-2021-20546

CWE-787Out-of-bounds Write3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 87.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Spectrum Protect ClientIBM Spectrum Protect FOR Space Management
Timeline
PublishedApr 26
Latest updateMay 24

Description

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDibm/spectrum_protect_client8.1.0.08.1.11.0
NVDibm/spectrum_protect8.1.0.08.1.11.0
CVEListV5ibm/spectrum_protect_for_space_management8.1.0.0, 8.1.11.0+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-x4wg-5xxw-qhh7: IBM Spectrum Protect Client 82022-05-24
CVEList
CVE-2021-20546: IBM Spectrum Protect Client 82021-04-26
CVE-2021-20546 (MEDIUM CVSS 5.5) | IBM Spectrum Protect Client 8.1.0.0 | cvebase.io