IBM243D2A574B28ACBC8847C2E82F2AF9D6A1152F024F28CE523CD17489B9584916Security Bulletin: Buffer overflow vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4267)
EPSS
Percentile
12.6%
Summary
The IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client is vulnerable to a buffer overflow that could allow execution of arbitrary code on the local system or the application to crash.
Vulnerability Details
CVEID: CVE-2019-4267 DESCRIPTION: The IBM Spectrum Protect Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160200> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
This security exposure affects IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client levels:
- 8.1.0.0 through 8.1.7.1
- 7.1.0.0 through 7.1.8.5
Remediation/Fixes
Backup-Archive
Client Release |
First Fixing VRM Level
| APAR | Platform | Link to Fix
—|—|—|—|—
8.1 | 8.1.8 | IT28291 | AIX
Linux
Macintosh
Solaris
Windows |
<https://www.ibm.com/support/docview.wss?uid=ibm10885610>
7.1 | 7.1.8.6 | IT28291 | AIX
HP-UX
Linux
Macintosh
Solaris
Windows |
<https://www.ibm.com/support/docview.wss?uid=swg24044550>
Workarounds and Mitigations
None
Related
EPSS
Percentile
12.6%