The French Government’s Computer Security Incident Response Team (CERT-FR) has issued an advisory regarding multiple vulnerabilities discovered in IBM products. These vulnerabilities can have severe consequences, including compromising data confidentiality, potential security policy bypass, remote denial of service, remote arbitrary code execution, and privilege escalation.
Affected Systems:
The following versions are affected:
- IBM Spectrum Protect Plus versions earlier than 10.1.15.2
- IBM Storage Protect Operations Center versions earlier than 8.1.20
Summary:
Multiple vulnerabilities have been identified in IBM products. Some of these vulnerabilities allow an attacker to escalate privileges, execute arbitrary code remotely, and compromise data confidentiality.
Solution:
Refer to the vendor’s security bulletin for obtaining patches (see Documentation section).
Documentation:
- IBM Security Bulletin 7034039, dated September 18, 2023 Link
- IBM Security Bulletin 7034265, dated September 19, 2023 Link
References (CVEs):
These vulnerabilities have been assigned the following Common Vulnerabilities and Exposures (CVE) references:
- CVE-2021-3428 Link
- CVE-2022-0391 Link
- CVE-2022-4662 Link
- CVE-2023-1281 Link
- CVE-2023-1637 Link
- CVE-2023-1829 Link
- CVE-2023-2002 Link
- CVE-2023-2124 Link
- CVE-2023-2194 Link
- CVE-2023-24329 Link
- CVE-2023-28867 Link
- CVE-2023-3090 Link
- CVE-2023-3390 Link
Please take immediate action to address these vulnerabilities to ensure the security of your systems and data.