Expert GuideIBM Storage Protect for Virtual Environments: Data Protection for VMware may be affected by vulnerabilities

Andreas Schwab — 13. October 2023
Reading time: 1:05 Minutes

IBM Storage Protect für virtuelle Umgebungen: Data Protection for VMware kann von Sicherheitslücken in der Expat-Bibliothek betroffen sein.

Security Bulletin: Vulnerabilities in Expat (AKA libexpat) affect IBM Storage Protect for Virtual Environments: Data Protection for VMware (CVE-2022-23852, CVE-2022-23990)

IBM Storage Protect for Virtual Environments (formerly IBM Spectrum Protect)

Data Protection for VMware may be affected by vulnerabilities in the Expat library in IBM Storage Protect for Virtual Environments.

The vulnerabilities could lead to the execution of arbitrary code as described in the CVEs in the Vulnerability Details section.

The vulnerabilities have been fixed.

Vulnerability Details

CVEID: CVE-2022-23990

CVSS base score: 9.8

DESCRIPTION: Expat (also known as libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function.

By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVEID: CVE-2022-23852

CVSS base score: 9.8

DESCRIPTION: Expat (also known as libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function.

By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Expat version 2.4.4 solves the problem

The Expat (libexpat) vulnerability has been closed in version 2.4.4, which is deployed as of IBM Storage Protect for Virtual Environment version 8.1.15.

Affected platform:

Windows

Affected product and versions:

IBM Storage Protect for Virtual Environments: Data Protection for VMware Version 8.1.0.0 - 8.1.14.0

Fixing Level: 8.1.15.0 or later

IBM's recommended action: Update IBM Storage Protect for Virtual Environment to V 8.1.20.0

IBM strongly recommends updating to the latest version 8.1.20.0, which has been available since September 16, 2023.

IBM FTP Download Links V 8.1.20.0:

https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/tivoli-data-protection/vmware/windows/v8120/

IBM FTP Download Links V 8.1.15.0: https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/tivoli-data-protection/vmware/windows/v8115/

For more download information on IBM Storage Protect for Virtual Environments version 8.1.20, visit the following link:

https://www.ibm.com/support/pages/node/7015823

Source

https://www.ibm.com/support/pages/node/7050952?myns=s033&mynp=OCSSERB6&mync=E&cm_sp=s033-_-OCSSERB6-_-E

Andreas Schwab

Andreas Schwab ist IT-Consultant und Senior Service Engineer bei der Empalis. Seit drei Jahren bereichert er unser Managed Service Team mit über 25 Jahren Erfahrung und Know-how aus der Systemadministration - vom Aufbau über Weiterentwicklung bis hin zu Betrieb der gesamten IBM Spectrum Protect Umgebung (Client und Server).

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!

Expert GuideIBM Storage Protect for Virtual Environments: Data Protection for VMware may be affected by vulnerabilities

IBM Storage Protect for Virtual Environments (formerly IBM Spectrum Protect)

Vulnerability Details

Expat version 2.4.4 solves the problem

IBM's recommended action: Update IBM Storage Protect for Virtual Environment to V 8.1.20.0

Source

Andreas Schwab

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!

Expert GuideIBM Storage Protect for Virtual Environments: Data Protection for VMware may be affected by vulnerabilities

IBM Storage Protect for Virtual Environments (formerly IBM Spectrum Protect)

Vulnerability Details

Expat version 2.4.4 solves the problem

IBM's recommended action: Update IBM Storage Protect for Virtual Environment to V 8.1.20.0

Source

Andreas Schwab

You were interested in this, then you may also be interested in...

NewsEmpalis as a long-standing pioneer partner at the forefront of Predatar with Apex

NewsBe more cyber-resilient with greater insight into your data: With the Predatar 12.2 Release - Enhancements for IBM Spectrum protect and IBM Spectrum Protect Plus

NewsInterview in the current edition of Wirtschaftsforum with Alina Mot on cyber resilience and the approaches of Empalis in today's times of crisis.

NewsIBM restructures backup portfolio and announces collaboration with Cohesity.

Expert GuideDo backup windows match, or do they overlap with internal server processes? Client Section of an IBM Spectrum Protect (ISP) Health Check