7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
There are multiple vulnerabilities in IBM Runtime Environment Java which is used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Server on AIX. These issues were disclosed as part of the IBM Java SDK updates in July 2019. UPDATED: 3/31/2020 with the 7.1 fix.
CVEID:CVE-2019-4473
**DESCRIPTION:**Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163984 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2019-11771
**DESCRIPTION:**AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163989 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect (formerly Tivoli Storage Manager) Server | 8.1.0.000-8.1.8.xxx |
IBM Spectrum Protect (formerly Tivoli Storage Manager) Server | 7.1.0.000-7.1.9.xxx |
Spectrum Protect Server Release | First Fixing VRM Level | Platform | Link to Fix |
---|---|---|---|
8.1 | 8.1.9 | AIX | https://www.ibm.com/support/docview.wss?uid=ibm11106253 |
7.1 | 7.1.10 | AIX | <https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/server/v7r1/AIX> |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect | eq | 8.1 | |
ibm spectrum protect | eq | 7.1 |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P