PT-2019-17045 · Oracle+2 · Oracle+3

Published: 2019-07-01 · Updated: 2022-12-03 · CVE-2019-4357

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Spectrum Protect Plus versions 10.1.0 through 10.1.3

Description

The issue allows execution of arbitrary code on the system when performing a redirected restore operation that specifies a target path, particularly when protecting Oracle, DB2, or MongoDB databases.

Recommendations

For versions 10.1.0 through 10.1.3, consider restricting access to the restore operation until a fix is available, and avoid specifying target paths that could be exploited to execute arbitrary code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2019-4357

Affected Products

Db2
IBM Spectrum Protect Plus
MongoDB
Oracle