IBM Spectrum Protect CVE-2019-4406 Local Denial of Service Vulnerability

Description

IBM Spectrum Protect is prone to local denial-of-service vulnerability. Successful exploits will allow local attackers to cause a denial-of-service conditions.

Technologies Affected

• IBM Spectrum Protect 7.1.0.0
• IBM Spectrum Protect 7.1.6.6
• IBM Spectrum Protect 7.1.6.7
• IBM Spectrum Protect 7.1.8.0
• IBM Spectrum Protect 7.1.8.2
• IBM Spectrum Protect 7.1.8.3
• IBM Spectrum Protect 7.1.8.6
• IBM Spectrum Protect 8.1.0.0
• IBM Spectrum Protect 8.1.0.2
• IBM Spectrum Protect 8.1.1
• IBM Spectrum Protect 8.1.2.0
• IBM Spectrum Protect 8.1.4.1
• IBM Spectrum Protect 8.1.5.0
• IBM Spectrum Protect 8.1.6
• IBM Spectrum Protect 8.1.6.0
• IBM Spectrum Protect 8.1.6.1

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the local nature of this issue, ensure that only trusted individuals are given access to the affected system.

Updates are available. Please see the references or vendor advisory for more information.