QID 377859
Date Published: 2023-04-03
QID 377859: IBM Spectrum Protect Server Multiple Vulnerabilities (6596881)
The IBM Spectrum Protect Server is vulnerable to an offline dictionary attack when using SESSIONSECURITY=TRANSITIONAL. The IBM Spectrum Protect Storage agent is vulnerable to a brute force attack because it allows unlimited attempts to log in to the storage agent without locking the administrative ID.
CVE-2022-22496 - While a user account for the IBM Spectrum Protect server is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack.
CVE-2020-4739 - An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack because it permits unlimited attempts to log in to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect server with which it communicates.
Affected Versions:
IBM Spectrum Protect Server 8.1.0.000 - 8.1.14.xxx
QID Detection Logic (Authenticated):
This checks for vulnerable versions of IBM Spectrum Protect.
Vulnerable versions may allow a brute force attack by permitting unlimited attempts to log in to the storage agent without locking the administrative ID.
6596881: www.ibm.com/support/pages/node/6596881
CVEs related to QID 377859
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| 6596881 | | | |