PT-2019-16984 · Veritas · VxFS

Published: 2019-07-22 · Updated: 2022-12-02 · CVE-2019-4236

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect version 7.1

Description: The issue affects the backup or archive operation of HP-UX VxFS objects. If an object has more than twelve Access Control List (ACL) entries, the IBM Spectrum Protect client silently skips these entries during backup or archive operations. This could allow a local attacker to restore or retrieve the object with incorrect ACL entries, potentially leading to unauthorized access.

Recommendations: For IBM Spectrum Protect version 7.1, consider restricting access to sensitive objects until a fix is available to prevent unauthorized restoration or retrieval with incorrect ACL entries. As a temporary workaround, limit the number of ACL entries associated with each object to twelve or fewer to minimize the risk of exploitation.

Related Identifiers

CVE-2019-4236

Affected Products

HP-UX
IBM Spectrum Protect
VxFS