Detections
Analytics

IBM Spectrum Protect Plus Web UI 10.1.0 < 10.1.17.1 (7237702)

high Nessus Plugin ID 240343

Synopsis

The IBM Spectrum Protect Plus Web UI is affected by multiple vulnerabilities.

Description

The version of IBM Spectrum Protect Plus Web UI installed on the remote host is prior to 10.1.17.1 IBM Spectrum Protect Plus. It is, therefore, affected by multiple vulnerabilities as referenced in the 7237702 advisory.

 - This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array. (CVE-2020-7789)

 - Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True` 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. (CVE-2023-30861)

 - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
 (CVE-2023-32681)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to IBM Spectrum Protect Plus Web UI 10.1.17.1 IBM Spectrum Protect Plus or later.

See Also

https://www.ibm.com/support/pages/node/7237702

Plugin Details

Severity: High

ID: 240343

File Name: ibm_spp_7237702.nasl

Version: 1.1

Type: remote

Agent: unix

Family: Misc.

Published: 6/25/2025

Updated: 6/25/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-7789

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-30861

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-52798

Vulnerability Information

CPE: cpe:/a:ibm:spectrum_protect_plus

Required KB Items: installed_sw/IBM Spectrum Protect Plus Web UI

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/24/2025

Vulnerability Publication Date: 12/9/2020

Reference Information

CVE: CVE-2020-28493, CVE-2020-29651, CVE-2020-7789, CVE-2022-42969, CVE-2023-1077, CVE-2023-23934, CVE-2023-25577, CVE-2023-30861, CVE-2023-32681, CVE-2023-46136, CVE-2024-22195, CVE-2024-3372, CVE-2024-34064, CVE-2024-34069, CVE-2024-35195, CVE-2024-36124, CVE-2024-37891, CVE-2024-45296, CVE-2024-45590, CVE-2024-49766, CVE-2024-49767, CVE-2024-52798, CVE-2024-6345, CVE-2024-8305, CVE-2025-22870, CVE-2025-27516