CVE-2023-35897

Summary

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.

Affected Software

VendorProductVersion RangeStatus
IBMStorage Protect Client8.1.0.0 <= 8.1.19.0affected
IBMStorage Protect for Virtual Environments8.1.0.0 <= 8.1.19.0affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References