NewsUpdate: Current vulnerabilities in IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778, CVE-2022-0778, CVE-2022-22474)

Andreas Schwab, Markus Stumpf — 13. July 2022
Reading time 1:11 minutes

Latest advisory from our team on IBM's security bulletins to close vulnerabilities in IBM Spectrum Protect Backup-Archive Client.

Security Bulletin: Denial of Service vulnerability in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778)

The OpenSSL vulnerabilities were announced by the OpenSSL project on March 15, 2022. OpenSSL, which is used by IBM Spectrum Protect Backup-Archive Client for network connections to NetApp services, has closed the affected vulnerability.

Details of the vulnerability

CVEID: CVE-2022-0778

CVSS base rating: 7.5

Description

OpenSSL is vulnerable to a denial of service caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially crafted certificate with invalid explicit curve parameters, a remote attacker can exploit this vulnerability to cause an infinite loop, resulting in a denial-of-service condition.

Affected platforms: Linux, Windows

Affected ISP B/A client versions: 8.1.0.0 - 8.1.14.0

Security Bulletin: Information Disclosure and Denial of Service Vulnerabilities in IBM Spectrum Protect Backup-Archive Client (CVE-2022-22478, CVE-2022-22474)

The IBM Spectrum Protect backup archive client is vulnerable to information disclosure because user credentials are stored in memory in clear text. The backup archive client is also vulnerable to a denial of service due to certain reads on TCP/IP sockets.

Vulnerability details

CVEID: CVE-2022-22478

CVSS base rating: 6.2

Description

IBM Spectrum Protect Client stores user credentials in plain text that can be read by a local user.

CVEID: CVE-2022-22474

CVSS base score: 5.9

Description

The IBM Spectrum Protect processes dsmcad, dsmc, and dsmcsvc incorrectly handle certain reads on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations.

Affected platforms: AIX, HP-UX, Linux, Macintosh, Solaris, Windows

Affected ISP B/A client versions: 8.1.0.0 - 8.1.14.0

Fixing Level

8.1.15.0

IBM FTP Download Links

https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/client/v8r1/

IBM Spectrum Protect Security Bulletin Download Links Overview

IBM WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management (CVE-2021-35517, CVE-2021-36090)

Security Bulletin: Vulnerability in IBM Dojo affects IBM Spectrum Protect for Virtual Environments (CVE-2021-23450)

Security Bulletin: IBM WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management (CVE-2021-35517, CVE-2021-36090)

Security Bulletin: Vulnerabilities in IBM Java Runtime and Golang Go affect IBM Spectrum Protect Server (CVE-2021-35578, CVE-2021-44716, CVE-2021-44717)

Security Bulletin: Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926)

Security Bulletin: IBM Spectrum Protect 8.1.14.000 Server is vulnerable to bypass of security restrictions (CVE-2022-22394)

Security Bulletin: IBM Spectrum Protect Server may not count invalid sign-on attempts from Operations Center (CVE-2022-224485)

IBM Spectrum Protect Plus™

Security Bulletin: IBM Spectrum Protect Plus may disclose sensitive information in virgo log file (CVE-2022-22396)

Security Bulletin: Heap-Based Buffer Overflow in Mozilla Network Security Services (NSS) may affect IBM Spectrum Protect Plus (CVE-2021-43527)

Security Bulletin: Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plus

Security Bulletin: Denial of Service Vulnerability in Golang Go affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-24921)

Security Bulletin: Vulnerabilities in Polkit, Node.js, OpenSSH, and Golang Go affect IBM Spectrum Protect Plus (CVE-2021-4034, CVE-2022-21681, CVE-2022-21680, CVE-2022-0235, CVE-2021-41617, CVE-2021-44716, CVE-2021-44717, 218243)

Security Bulletin: Vulnerabilities in Celery, Golang Go, and Python affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift

Security Bulletin: Vulnerability in Flask and Python affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33026, CVE-2022-0391)

Security Bulletin: IBM Spectrum Protect Plus is vulnerable to PostgreSQL Man-in-the-Middle and Slowloris Denial of Service attacks (CVE-2021-23222, CVE-2022-22354)

Particularly interesting since B/A client up to 8.1.14 affected and CVE Base Score 7.5:

https://www.ibm.com/support/pages/node/6596399?myns=swgother&mynp=OCSSEQVQ&mync=E&cm_sp=swgother-_-OCSSEQVQ-_-E

Sources

https://www.ibm.com/support/pages/node/6596399?myns=swgother&mynp=OCSSEQVQ&mync=E&cm_sp=swgother-_-OCSSEQVQ-_-E

https://www.ibm.com/support/pages/node/6596741?myns=swgother&mynp=OCSSEQVQ&mync=E&cm_sp=swgother-_-OCSSEQVQ-_-E

If you have any further questions, please do not hesitate to contact us.

Your Empalis Team

Andreas Schwab

Andreas Schwab is an IT consultant and senior service engineer at Empalis. For the past three years, he has enriched our Managed Service Team with over 25 years of experience and know-how from system administration - from setup to further development and operation of the entire IBM Spectrum Protect environment (client and server).

Markus Stumpf

Markus Stumpf is Head of Data Protection Services and Business Development Manager at Empalis Consulting GmbH.
As an expert in data protection solutions such as IBM Spectrum Protect, Veeam or Cohesity and with over 20 years of experience in implementation, operation and training (especially with IBM Spectrum Protect), he is happy to answer all your questions.

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!

NewsUpdate: Current vulnerabilities in IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778, CVE-2022-0778, CVE-2022-22474)

Security Bulletin: Denial of Service vulnerability in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778)

Details of the vulnerability

Description

Security Bulletin: Information Disclosure and Denial of Service Vulnerabilities in IBM Spectrum Protect Backup-Archive Client (CVE-2022-22478, CVE-2022-22474)

Vulnerability details

Description

Description

Fixing Level

IBM FTP Download Links

IBM Spectrum Protect Security Bulletin Download Links Overview

IBM Spectrum Protect Plus™

Particularly interesting since B/A client up to 8.1.14 affected and CVE Base Score 7.5:

Sources

Andreas Schwab

Markus Stumpf

You were interested in this, then you may also be interested in...

NewsDas neue Spectrum Protect Release 8.1.15 enthält einige Updates, die die Security erhöhen sollen.

NewsSicherheitslücke APAR IT40426 gefixt im neuen IBM ISP Release 8.1.15 - und weitere Informationen, was in der Client Version gefixt wurde

NewsIBM Spectrum Protect Plus Release 10.1.11: Security Fixe, die Lücken beheben mit denen Angreifer weitergehende Rechte oder Zugriffe erlangen kann.