What is the vulnerability ID for this IBM Spectrum Protect Client vulnerability?

The vulnerability ID for this IBM Spectrum Protect Client vulnerability is CVE-2021-20546.

What is the title of this vulnerability?

The title of this vulnerability is 'IBM Spectrum Protect Client is vulnerable to a stack-based buffer overflow caused by improper bounds checking'.

What is the severity of CVE-2021-20546?

The severity of CVE-2021-20546 is medium.

How can a local attacker exploit this vulnerability?

A local attacker can exploit this vulnerability by overflowing a buffer and causing the application to crash.

What is the affected software for this vulnerability?

The affected software for this vulnerability includes IBM Spectrum Protect Client (version 8.1.0.0 through 8.1.11.0), IBM Spectrum Protect for Space Management (version 8.1.0.0 through 8.1.11.0), IBM Spectrum Protect Backup-Archive Client (version 8.1.0.0-8.1.11.07.1.0.0-7.1.8.10), and IBM Spectrum Protect for Space Management (version 8.1.0.0-8.1.11.07.1.0.0-7.1.8.10).

Vulnerability/
CVE-2021-20546

medium

6.2

CWE

787 119

23/4/2021

26/4/2021

16/9/2024

CVE-2021-20546: Buffer Overflow

First published: Fri Apr 23 2021(Updated: )

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Spectrum Protect client	>=8.1.0.0<=8.1.11.0
Ibm Spectrum Protect For Space Management	>=8.1.0.0<=8.1.11.0
	<=8.1.0.0-8.1.11.07.1.0.0-7.1.8.10
	<=8.1.0.0-8.1.11.07.1.0.0-7.1.8.10

Remedy

https://www.ibm.com/support/pages/node/6445497

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6445497

Frequently Asked Questions

What is the vulnerability ID for this IBM Spectrum Protect Client vulnerability?
The vulnerability ID for this IBM Spectrum Protect Client vulnerability is CVE-2021-20546.
What is the title of this vulnerability?
The title of this vulnerability is 'IBM Spectrum Protect Client is vulnerable to a stack-based buffer overflow caused by improper bounds checking'.
What is the severity of CVE-2021-20546?
The severity of CVE-2021-20546 is medium.
How can a local attacker exploit this vulnerability?
A local attacker can exploit this vulnerability by overflowing a buffer and causing the application to crash.
What is the affected software for this vulnerability?
The affected software for this vulnerability includes IBM Spectrum Protect Client (version 8.1.0.0 through 8.1.11.0), IBM Spectrum Protect for Space Management (version 8.1.0.0 through 8.1.11.0), IBM Spectrum Protect Backup-Archive Client (version 8.1.0.0-8.1.11.07.1.0.0-7.1.8.10), and IBM Spectrum Protect for Space Management (version 8.1.0.0-8.1.11.07.1.0.0-7.1.8.10).

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/remedy
agent/author
agent/tags
agent/softwarecombine
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm spectrum protect client
version/ibm spectrum protect client/8.1.0.0
version/ibm spectrum protect client/8.1.11.0
canonical/ibm spectrum protect for space management
version/ibm spectrum protect for space management/8.1.0.0
version/ibm spectrum protect for space management/8.1.11.0
canonical/ibm spectrum protect backup-archive client
version/ibm spectrum protect backup-archive client/8.1.0.0-8.1.11.07.1.0.0-7.1.8.10
version/ibm spectrum protect for space management/8.1.0.0-8.1.11.07.1.0.0-7.1.8.10

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.