What is CVE-2023-35897?

CVE-2023-35897 is a high-severity vulnerability in Ibm Storage_protect, classified under Code Injection. CVSS score: 8.4/10. Published 2023-10-06.

How severe is CVE-2023-35897?

High severity. CVSS v3 base score is 8.4 out of 10.

RCE in Ibm Storage_protect

CVE-2023-35897

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-F…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.002 (14.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ibm Storage_protect
Ibm Storage Protect Client — versions 8.1.0.0
Ibm Storage_protect_client
Ibm Storage Protect For Virtual Environments — versions 8.1.0.0

Weakness classification (CWE)

References

psirt@us.ibm.com (vendor-advisory, Patch, Vendor Advisory)
psirt@us.ibm.com (VDB Entry, vdb-entry, Vendor Advisory)

Frequently asked questions

What is CVE-2023-35897?: CVE-2023-35897 is a high-severity vulnerability in Ibm Storage_protect, classified under Code Injection. CVSS score: 8.4/10. Published 2023-10-06.
How severe is CVE-2023-35897?: High severity. CVSS v3 base score is 8.4 out of 10.