PT-2019-16892 · Ibm · Ibm Spectrum Protect Server+1
Sébastien Charbonnier
+1
·
Published
2019-07-02
·
Updated
2022-12-09
·
CVE-2019-4088
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Spectrum Protect Servers versions 7.1 through 8.1
IBM Spectrum Protect Storage Agents versions 7.1 through 8.1
Description
A local attacker could gain elevated privileges on the system by loading a specially crafted library loaded by the dsmqsan module. This could allow the attacker to gain root privileges on the vulnerable system.
Recommendations
For IBM Spectrum Protect Servers versions 7.1 through 8.1, consider restricting access to the dsmqsan module until a patch is available.
For IBM Spectrum Protect Storage Agents versions 7.1 through 8.1, consider restricting access to the dsmqsan module until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibm Spectrum Protect Server
Ibm Spectrum Protect Storage Agents