PT-2019-2561 · IBM · IBM Spectrum Protect Server +1

Published: 2019-07-02 · Updated: 2022-12-09 · CVE-2019-4087

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Spectrum Protect Servers versions 7.1 through 8.1
IBM Spectrum Protect Storage Agents versions 7.1 through 8.1

Description

The issue is a stack-based buffer overflow caused by improper bounds checking when the software handles specially crafted communication exchanges. A remote attacker could overflow a buffer by sending an overly long request, potentially executing arbitrary code on the system with instance ID privileges or causing the server or storage agent to crash.

Recommendations

For IBM Spectrum Protect Servers versions 7.1 through 8.1, update to a version that includes the fix for the buffer overflow issue. For IBM Spectrum Protect Storage Agents versions 7.1 through 8.1, update to a version that includes the fix for the buffer overflow issue. As a temporary workaround, consider restricting access to the servers and storage agents to minimize the risk of exploitation.

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2019-02428
CVE-2019-4087

Affected Products

IBM Spectrum Protect Server
IBM Spectrum Protect Storage Agents