IBM reveals high-severity flaws in Spectrum Protect


IBM has revealed multiple critical and high-severity flaws across a range of products, the most severe of which can be found in its IBM Spectrum Protect tool. Researchers say the most severe of these flaws could cause a remote attacker to execute arbitrary code on impacted systems.

So far, IBM has disclosed seven CVEs across its data storage and management tools. This includes IBM’s Planning Analytics data analysis tool, IBM Security Guardium data protection platform and the IBM Daeja ViewONE web-based image viewer.

The worst is CVE-2019-4087, a vulnerability impacting the servers and storage agents that are supposed to be protected by Spectrum Protect. The flaw, which has a CVSS score of 9.8 out of 10, is a stack-based buffer overflow that stems from improper bounds checking in the servers and storage agents that make up Spectrum Protect. Versions 7.1 and 8.1 of the platform are impacted.

“By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash,” says IBM’s support page.

Another high-severity flaw (CVE-2019-4088) in IBM Spectrum Protect could allow a local attacker to gain elevated privileges on impacted systems. Also patched were a medium-severity glitch in IBM Spectrum Protect that could allow a local user to replace existing databases by restoring old data, and a final low-severity flaw in the platform’s operations center (CVE-2019-4129) that could allow a remote attacker to obtain sensitive information.

IBM has urged impacted users to upgrade to version 8.1.8 or 7.1.9.300.

 
