First published: Fri Dec 10 2021(Updated: )
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Spectrum Copy Data Management | <=2.2.13 and below | |
IBM Spectrum Copy Data Management | <=2.2.13 | |
Linux Linux kernel |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-39065.
The severity of CVE-2021-39065 is critical with a score of 9.8.
IBM Spectrum Copy Data Management versions 2.2.13 and earlier are affected by this vulnerability.
A remote attacker can exploit CVE-2021-39065 by executing arbitrary commands on the system.
Please refer to the IBM Support website for information on available fixes or patches for CVE-2021-39065.