CVE-2021-39063

CWE-3463 documents3 sources

Severity

9.1CRITICAL

EPSS

0.1%

top 76.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Protect Plus

Timeline

PublishedDec 13

Latest updateDec 14

Description

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDibm/spectrum_protect_plus10.1.0 — 10.1.9

▶CVEListV5ibm/spectrum_protect_plus10.1.0.0, 10.1.8.0+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vq57-688w-8qm4: IBM Spectrum Protect Plus 10↗2021-12-14

▶

CVEList

CVE-2021-39063: IBM Spectrum Protect Plus 10↗2021-12-13

▶