Detections
Analytics
IBM Spectrum Protect Plus Web UI 10.1.0 < 10.1.17.1 (7237702)
medium Nessus Plugin ID 240343
Language:
Synopsis
The IBM Spectrum Protect Plus Web UI is affected by multiple vulnerabilities.Description
The version of IBM Spectrum Protect Plus Web UI installed on the remote host is prior to 10.1.17.1 IBM Spectrum Protect Plus. It is, therefore, affected by multiple vulnerabilities as referenced in the 7237702 advisory.- Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.
(CVE-2025-27516)
- This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array. (CVE-2020-7789)
- Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
(CVE-2023-32681)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to IBM Spectrum Protect Plus Web UI 10.1.17.1 IBM Spectrum Protect Plus or later.See Also
Plugin Details
Severity: Medium
ID: 240343
File Name: ibm_spp_7237702.nasl
Version: 1.2
Type: remote
Agent: unix
Family: Misc.
Published: 6/25/2025
Updated: 3/11/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2020-7789
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
CVSS Score Source: CVE-2025-27516
CVSS v4
Risk Factor: Medium
Base Score: 6.3
Threat Score: 2.9
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score Source: CVE-2024-49766
Vulnerability Information
CPE: cpe:/a:ibm:spectrum_protect_plus
Required KB Items: installed_sw/IBM Spectrum Protect Plus Web UI
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/24/2025
Vulnerability Publication Date: 12/9/2020
Reference Information
CVE: CVE-2020-28493, CVE-2020-29651, CVE-2020-7789, CVE-2022-42969, CVE-2023-1077, CVE-2023-1409, CVE-2023-23934, CVE-2023-25577, CVE-2023-30861, CVE-2023-32681, CVE-2023-46136, CVE-2024-22195, CVE-2024-3372, CVE-2024-34064, CVE-2024-34069, CVE-2024-35195, CVE-2024-36124, CVE-2024-37891, CVE-2024-45296, CVE-2024-45590, CVE-2024-49766, CVE-2024-49767, CVE-2024-52798, CVE-2024-56334, CVE-2024-6345, CVE-2024-7553, CVE-2024-8207, CVE-2024-8305, CVE-2025-22870, CVE-2025-27516