Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect Backup-Archive Client
Description

Summary

IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, security restrictions bypass, sensitive information exposure, highly sensitive information exposure, memory resource consumption, server-side request forgery attack, no confidentiality impact, low integrity impact, no availability impact, and low availability impact, as described in the "Vulnerability Details" section.

CVE-2023-5678, CVE-2024-0727, CVE-2024-38320, CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264, CVE-2024-6197, CVE-2024-22354, CVE-2023-38546, CVE-2024-3933, CVE-2024-6874.

Vulnerability Details

CVEID: CVE-2023-5678
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_generate_key() function to generate an X9.42 DH key. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-20: Improper Input Validation
CVSS Source: IBM X-Force
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2024-0727
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause the application to crash.
CWE: CWE-20:…
