IBM Spectrum Protect Plus application protection could allow a local attacker to gain elevated privileges or execute arbitrary code on the system.
CVEID: CVE-2019-4383
DESCRIPTION: When using Spectrum Protect Plus to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges.
CVSS Base Score: 7.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162165> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID: CVE-2019-4357
DESCRIPTION: When using Spectrum Protect Plus to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system.
CVSS Base Score: 8.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161667> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
IBM Spectrum Protect Plus 10.1.1 (Oracle)
IBM Spectrum Protect Plus 10.1.2 (Oracle and Db2)
IBM Spectrum Protect Plus 10.1.3 (Oracle, Db2, and MongoDB)

| Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix |
|---|---|---|---|
| 10.1 | 10.1.4 | Linux, AIX (Db2) | <http://www.ibm.com/support/docview.wss?uid=ibm10879861> |

None