VDB
CVE-2021-4154
CVE-2021-4154
PUBLISHED
CVSS 8.699999809265137 HIGH
In IBM Spectrum Protect existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten OpenSSL, Container Backup and Restore, Storage Agent, Client, Operations Center, Linux Kernel, MinIO , Golang Go, Java SE und in den Prozessen dsmcad, dsmc und dsmcsvc. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, beliebigen Code auszuführen, seine Rechte zu erweitern oder beliebigen Code mit Root-Rechten auszuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert erhöhte Rechte.
EPSS 0.84% · 75.1th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.84%
75.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google Android 11 | ||
| Amazon | Amazon Linux 2 | |
| Google Android 10 | ||
| Ubuntu | Ubuntu Linux | |
| IBM | IBM Spectrum Protect 8.1 | |
| Google Android 12L | ||
| IBM | IBM Spectrum Protect 10.1 | |
| Red Hat | Red Hat Enterprise Linux | |
| SUSE | SUSE Linux | |
| Google Android 12 |
Exploit Intelligence
- CVE-2021-4154 exploit (github-poc-repo)
- CVE-2021-4154 exploit (github-poc-repo)
- CVE-2021-4154 exploit (github-poc-repo)
- CVE-2021-4154 exploit (github-poc-repo)
- CVE-2021-4154 exploit (github-poc-repo)
- CVE-2021-4154 exploit (github-poc-repo)
- CVE-2021-4154 (github-poc-repo)
- CVE-2021-4154 (github-poc-repo)
- CVE-2021-4154 (github-poc-repo)
- CVE-2021-4154 (github-poc-repo)
…and 32 more exploits
Timeline
- Feb 4, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 21, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 5, 2023 EPSS Score
- May 27, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0515.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0515 advisory
- https://ubuntu.com/security/notices/USN-6151-1 advisory
- https://www.cybersecurity-help.cz/vdb/SB2023032948 advisory
- https://www.ibm.com/support/pages/node/6596399 advisory
- https://www.ibm.com/support/pages/node/6596907 advisory
- https://www.ibm.com/support/pages/node/6596881 advisory
- https://www.ibm.com/support/pages/node/6596741 advisory
- https://www.ibm.com/support/pages/node/6596883 advisory
- https://www.ibm.com/support/pages/node/6596971 advisory
- https://www.ibm.com/support/pages/node/6596895 advisory
- https://www.ibm.com/support/pages/node/6596379 advisory
- https://www.ibm.com/support/pages/node/6596877 advisory
- https://www.ibm.com/support/pages/node/6596875 advisory
- https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-027.html advisory
- https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-029.html advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and-denial-of-service-vulnerabilities-in-the-ibm-spectrum-protect-backup-archive-client-may-affect-ibm-spectrum-protect-for-space-management-cve-2022-22478/ advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0137.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0137 advisory
- https://source.android.com/security/bulletin/2022-06-01 advisory
…and 20 more