CVE-2023-35897

HIGH

IBM Spectrum Protect Client & Storage Protect - Local RCE

Title source: llm

Description

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.

References (2)

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/259246

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/7037299

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 5.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427 CWE-94

Status published

Affected Products (3)

ibm/storage_protect < 8.1.19.0

ibm/storage_protect_client < 8.1.19.0

Timeline

Published Oct 06, 2023

Tracked Since Feb 18, 2026