NewsUpdate: Close current security vulnerabilities in IBM Spectrum Protect and Spectrum Protect Plus: New Security Bulletins

Dr. Christian Biermann — March 16, 2022

Close current security vulnerabilities in IBM Spectrum Protect

IBM released new security bulletins for Spectrum Protect and Spectrum Protect Plus late last week.

Some of these bulletins were updated again on March 14, 2022, when IBM released a further fix, 8.1.14.100, for Spectrum Protect Server.

The following bulletins have been released by IBM:

Spectrum Protect Server

Security Bulletin: Vulnerabilities in IBM Java Runtime and Golang Go affect IBM Spectrum Protect Server (CVE-2021-35578, CVE-2021-44716, CVE-2021-44717)

To the bulletin

Security Bulletin: Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926)

To the bulletin

Spectrum Protect Backup-Archive Client, Spectrum Protect for Virtual Environments, Spectrum Protect for Space Management

Security Bulletin: Vulnerabilities in IBM Java Runtime and Golang Go affect IBM Spectrum Protect Server (CVE-2021-35578, CVE-2021-44716, CVE-2021-44717)

To the bulletin

Spectrum Protect Plus

Security Bulletin: IBM Spectrum Protect Plus is vulnerable to PostgreSQL Man-in-the-Middle and Slowloris Denial of Service attacks (CVE-2021-23222, CVE-2022-22354)

To the bulletin

Vulnerabilities in Celery, Golang Go, and Python affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift

To the bulletin

Security Bulletin: Vulnerability in Flask and Python affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33026, CVE-2022-0391)

To the bulletin

Security Bulletin: Vulnerabilities in Polkit, Node.js, OpenSSH, and Golang Go affect IBM Spectrum Protect Plus (CVE-2021-4034, CVE-2022-21681, CVE-2022-21680, CVE-2022-0235, CVE-2021-41617, CVE-2021-44716, CVE-2021-44717, 218243)

To the bulletin

Security Bulletin: Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plus

To the bulletin

The vulnerabilities mainly affect parts of the database software in use and the Java and Python programming frameworks. The recommended updates also close security vulnerabilities in the Linux environment of Spectrum Protect Plus.

The vulnerabilities can lead to denial-of-service attacks and to code execution on the systems, and a Db2 vulnerability allows the modification of databases if the attacker has DBADM rights.

Working exploits are already known for some of the vulnerabilities affecting Spectrum Protect Plus.

For the Spectrum Protect Backup-Archive client, the web client is affected. It is therefore advisable to update to the latest versions.

Downloads

Download Spectrum Protect Server 8.1.14.100

ISP 8.1.14.100 is now available for download. The download page does not list it yet, but you can download the patch via Fix Central and the FTP server.

Download Backup/Archive Client 8.1.14

Download Data Protection for Virtual Environments VMware 8.1.14

Download Space Management Client 8.1.14

Download Spectrum Protect Plus
