IBM Spectrum Protect Plus is a modern data protection solution that provides near-instant data recovery, replication, retention, and reuse for physical and virtual machines, Windows file systems, databases applications, SaaS workloads, and containers. It is easily deployed as a virtual appliance and the agentless architecture is easy to maintain. It unlocks the value of your data by improving the quality and speed of testing, reporting, and analytics.

IBM Spectrum Protect Plus Microsoft® File Systems backup and restore may be affected by vulnerabilities in Python, Tornado. and Urllib3 such as server-side request forgery, HTTP response splitting, buffer overflow, and man-in-the-middle attacks.

CVE(s): CVE-2021-29921, CVE-2021-28363, CVE-2020-28476, CVE-2021-3177

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Spectrum Protect Plus Microsoft File Systems backup and restore 10.1.6-10.1.8

 

MwCERT is recommending  users and system administrators to refer to the following reference URLs for remediation and additional vulnerability details:

 
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201083
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198199
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195065
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195244

 

Source:IBM