SB2022090121 - Multiple vulnerabilities in IBM Security SiteProtector System
Published: September 1, 2022
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2020-13938)
The vulnerability allows a local user to stop the service.
The vulnerability exists due to improper privilege management. A local user on the Windows system can stop the Apache HTTP server service.
2) Input validation error (CVE-ID: CVE-2021-30641)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect parsing of Apache configuration files. An unexpected
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-apache-http-server-vulnerabilities-cve-2020-13938-cve-2021-30641/
- https://www.ibm.com/support/pages/node/6494731