IBM reveals high-severity flaws in Spectrum Protect


IBM has revealed multiple critical and high-severity flaws across a range of products, the most severe of which can be found in its IBM Spectrum Protect tool. Researchers say the most severe of these flaws could allow a remote attacker to execute arbitrary code on impacted systems.

So far, IBM has disclosed seven CVEs across its data storage and management tools. These include IBM’s Planning Analytics data analysis tool, the IBM Security Guardium data protection platform and the IBM Daeja ViewONE web-based image viewer.

The worst is CVE-2019-4087, which has a CVSS score of 9.8 out of 10. It is a stack-based buffer overflow vulnerability that stems from improper bounds checking in the servers and storage agents that make up Spectrum Protect. Versions 7.1 and 8.1 of the platform are impacted.

“By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash,” says IBM’s support page.

Another high-severity flaw (CVE-2019-4088) in IBM Spectrum Protect could allow a local attacker to gain elevated privileges on impacted systems. Also patched were a medium-severity glitch in IBM Spectrum Protect that could allow a local user to replace existing databases by restoring old data, and a final low-severity flaw in the platform’s operations center (CVE-2019-4129) that could allow a remote attacker to obtain sensitive information.

IBM has urged impacted users to upgrade to version 8.1.8 or 7.1.9.300.
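A version triage against the fixed levels named above, as an added example that is not from IBM or the original article. The host names and version strings in the inventory are constructed, and treating every 7.1.x or 8.1.x build below the fixed level as needing the upgrade is an assumption of this example.

```python
# Fixed levels (8.1.8 and 7.1.9.300) are taken from the article.
# Assumption: any build on the 7.1 or 8.1 branch below its fixed level needs the upgrade.
FIXED = {(7, 1): (7, 1, 9, 300), (8, 1): (8, 1, 8, 0)}


def parse_version(text):
    """Turn '8.1.7' or '7.1.9.300' into a 4-field integer tuple, padding with zeros."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def triage(version_text):
    """Return 'needs-upgrade', 'fixed', 'not-covered' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"  # surface bad inventory data instead of guessing
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-covered"  # branch the article does not list as impacted
    return "fixed" if version >= fixed else "needs-upgrade"


def report(inventory):
    """Map each host to its triage status, sorted by host name."""
    return {host: triage(ver) for host, ver in sorted(inventory.items())}


# Constructed inventory: hypothetical hosts and version strings.
INVENTORY = {
    "sp-server-01": "8.1.7",
    "sp-server-02": "8.1.8",
    "sp-stgagent-01": "7.1.9.200",
    "sp-stgagent-02": "7.1.9.300",
    "sp-legacy-01": "6.4.3",
    "sp-unknown-01": "8.1.x",
}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:16} {INVENTORY[host]:10} {status}")
```

Hosts reported as `unparseable` or `not-covered` need a manual check against the vendor advisory rather than being assumed safe.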

 
