Vulnerability Details : CVE-2023-33832
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2023-33832
- IBM » Spectrum Protect For Virtual EnvironmentsVersions from including (>=) 8.1.0.0 and up to, including, (<=) 8.1.17.0cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:*:*:*
- IBM » Spectrum Protect ClientVersions from including (>=) 8.1.0.0 and up to, including, (<=) 8.1.17.0cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*
- IBM » Spectrum Protect For Space ManagementVersions from including (>=) 8.1.0.0 and up to, including, (<=) 8.1.17.0cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33832
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33832
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.0
|
3.6
|
NIST | |
6.2
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.5
|
3.6
|
IBM Corporation |
CWE ids for CVE-2023-33832
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: psirt@us.ibm.com (Secondary)
-
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-33832
-
https://www.ibm.com/support/pages/node/7011761
Security Bulletin: A vulnerability in IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management can lead to denial of service (CVE-2023-338Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/256012
IBM Spectrum Protect denial of service CVE-2023-33832 Vulnerability ReportVDB Entry;Vendor Advisory
Jump to