IBM Security Bulletin: Privilege escalation and code injection vulnerabilities in IBM Spectrum Protect Plus application protection (CVE-2019-4383, CVE-2019-4357)

IBM Spectrum Protect Plus application protection could allow a local attacker to gain elevated privileges or execute arbitrary code on the system.

CVE(s): CVE-2019-4383, CVE-2019-4357

Affected product(s) and affected version(s):
IBM Spectrum Protect Plus 10.1.1 (Oracle) IBM Spectrum Protect Plus 10.1.2 (Oracle and Db2) IBM Spectrum Protect Plus 10.1.3 (Oracle, Db2, and MongoDB)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10886111
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162165
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/161667

The post IBM Security Bulletin: Privilege escalation and code injection vulnerabilities in IBM Spectrum Protect Plus application protection (CVE-2019-4383, CVE-2019-4357) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/321zoUH