SynopsisA web application running on the remote host is affected by a remote code execution vulnerability.
DescriptionThe IBM Spectrum Protect Plus (SPP) administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a 'set hostname' HTTP request. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary code on the system with root privileges.
Note that this plugin does not flag SPP 10.1.5 build 2218 having the spp-emi-10.1.5-227 RPM package as vulnerable because it partially fixed the vulnerabilities by enabling authentication for URL /emi/api/hostname. A full fix is in spp-emi-10.1.6-21 in SPP 10.1.6 build 1974, which performs additional checking on the hostname parameter in the HTTP request to prevent authenticated command injection.
Also note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.
SolutionUpdate the IBM Spectrum Protect Plus RPM package spp-emi to 10.1.6-21 or later. That spp-emi package should be in the IBM Spectrum Protect Plus 10.1.6 build 1974.