Lucene search
IBM1AF4510F1082C8515FF192613F3D01CB2AB69352E4268045DECE7E2631E514B6HistoryAug 31, 2020 - 7:29 p.m.
Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924)
2020-08-3119:29:57
www.ibm.com
26
bash
remote attacker
command execution
ibm spectrum protect plus
cve-2019-9924
vulnerability
version 10.1.0-10.1.6
EPSS
0.001
Percentile
27.5%
Summary
A vulnerability in Bash could allow a remote attacker to executive arbitrary commands on the system which may affect IBM Spectrum Protect Plus.
Vulnerability Details
CVEID:CVE-2019-9924
**DESCRIPTION:**Bash could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to prevent the shell user from modifying BASH_CMDS in the rbash. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158906 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Plus | 10.1.0-10.1.6 |
Remediation/Fixes
| Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix/Target Availability |
|---|---|---|---|
| 10.1 | 10.1.6 ifix3 | Linux | ** |
| <https://www.ibm.com/support/pages/node/6254732>** |
Workarounds and Mitigations
None
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0163)
2022-01-28 00:00:00
openSUSE: Security Advisory for bash (openSUSE-SU-2019:1178-1)
2019-04-09 00:00:00
Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1621)
2020-01-23 00:00:00
nessus
nessus
openSUSE Security Update : bash (openSUSE-2019-1178)
2019-04-09 00:00:00
Amazon Linux AMI : bash (ALAS-2020-1379)
2020-07-02 00:00:00
SUSE SLES12 Security Update : bash (SUSE-SU-2019:0898-1)
2019-04-09 00:00:00
ubuntucve
ubuntucve
CVE-2019-9924
2019-03-22 00:00:00
redhat
redhat
(RHSA-2020:3803) Moderate: bash security update
2020-09-22 10:59:46
(RHSA-2020:1113) Moderate: bash security update
2020-03-31 09:20:26
(RHSA-2020:3592) Moderate: bash security update
2020-09-01 15:22:07
cve
cve
CVE-2019-9924
2019-03-22 08:29:00
debiancve
debiancve
CVE-2019-9924
2019-03-22 08:29:00
suse
suse
Security update for bash (important)
2019-04-09 00:00:00
nvd
nvd
CVE-2019-9924
2019-03-22 08:29:00
prion
prion
Design/Logic Flaw
2019-03-22 08:29:00
cloudfoundry
cloudfoundry
USN-4058-1: Bash vulnerability | Cloud Foundry
2019-08-29 00:00:00
f5
f5
K00866128 : Bash vulnerability CVE-2019-9924
2021-01-19 00:00:00
cvelist
cvelist
CVE-2019-9924
2019-03-22 07:05:28
amazon
amazon
Medium: bash
2020-10-22 17:21:00
Medium: bash
2020-06-23 05:55:00
photon
photon
redhatcve
redhatcve
CVE-2019-9924
2020-04-05 11:08:28
oraclelinux
oraclelinux
bash security update
2020-04-06 00:00:00
mageia
mageia
Updated bash packages fix security vulnerability
2019-05-12 12:35:33
ubuntu
ubuntu
Bash vulnerability
2019-07-15 00:00:00
Bash vulnerability
2019-08-05 00:00:00
centos
centos
bash security update
2020-04-08 17:44:32
osv
osv
CVE-2019-9924
2019-03-22 08:29:00
bash - security update
2019-03-25 00:00:00
debian
debian
[SECURITY] [DLA 1726-1] bash security update
2019-03-25 11:55:51
ibm
ibm
kitploit
kitploit
EPSS
0.001
Percentile
27.5%
Related for 1AF4510F1082C8515FF192613F3D01CB2AB69352E4268045DECE7E2631E514B6