CVE-2025-3319
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-08-13
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | spectrum_protect_server | From 8.1.0.0 (inc) to 8.1.26 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Spectrum Protect Server versions 8.1 through 8.1.26 allows an attacker to bypass authentication due to improper session authentication. Specifically, it arises from a built-in admin account that does not properly enforce authentication, enabling unauthorized users to gain access to critical resources without valid credentials. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to critical resources on the IBM Spectrum Protect Server. This means an attacker could compromise confidentiality, integrity, and availability of the system, potentially leading to data breaches, data manipulation, or service disruption. Since no privileges or user interaction are required, the risk is significant if the system is exposed to a network. [1]
What immediate steps should I take to mitigate this vulnerability?
IBM recommends upgrading IBM Spectrum Protect Server from versions 8.1.0.000 through 8.1.26.000 to version 8.1.27 to remediate the vulnerability. There are no workarounds or mitigations currently available, so applying the update is the immediate step to mitigate this vulnerability. [1]