Rewterz Threat Advisory – Multiple IBM PowerVM Hypervisor Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-39065 

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and upload certificate function. A remote attacker could inject arbitrary shell commands which would be executed on the affected system.

CVE-2021-39064 

IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console.

CVE-2021-39063 

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. 

CVE-2021-39058 

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVE-2021-39057 

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2021-39054 

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.

CVE-2021-39053 

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. 

CVE-2021-39052 

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization.

CVE-2021-39050 

IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges

CVE-2021-39049 

IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges.

CVE-2021-39048 

IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service

CVE-2021-38947 

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 

CVE-2020-4496 

The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation.

Impact

• Code Execution
• Information Disclosure
• Unauthorized Access
• Information Theft
• Security Bypass
• Buffer Overflow

Affected Vendors

IBM

Affected Products

• IBM Spectrum Copy Data Management 2.2.13
• IBM Spectrum Protect Plus 10.1.0.0
• IBM Spectrum Protect Plus 10.1.8.0

Remediation

Refer to IBM Security Bulletin for patch, upgrade, or suggested workaround information.

CVE-2021-39065

CVE-2021-39064

CVE-2021-39063

CVE-2021-39058

CVE-2021-39057

CVE-2021-39054

CVE-2021-39053

CVE-2021-39052

CVE-2021-39050

CVE-2021-39049

CVE-2021-39048

CVE-2021-38947

CVE-2020-4496