PT-2019-17120 · IBM · Db2 Mirror for i, IBM i

Published: 2019-08-29
Updated: 2022-12-02

CVE-2019-4536

CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

IBM i version 7.4

Description

The issue arises when a Restore User Profile (RSTUSRPRF) is performed on a system configured with Db2 Mirror for i, potentially resulting in user profiles having elevated privileges due to incorrect processing during the restoration of multiple user profiles. A user with restore privileges could exploit this to obtain elevated privileges on the restored system.

Recommendations

For IBM i version 7.4, ensure that user profiles are properly validated after a restore operation to prevent elevated privileges, and consider restricting access to the restore function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2019-4536

Affected Products

Db2 Mirror for i
IBM i