6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.1%
Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2019. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware.
Updated 18 March 2020: Added link to 4.1.6.9 fix
CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Snapshot for VMware | 4.1.0.0-4.1.6.8 |
Spectrum Protect Snapshot for VMware Release |First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
4.1 | 4.1.6.9 | Linux | https://www.ibm.com/support/pages/node/5694321
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect snapshot | eq | 4.1 | |
tivoli storage flashcopy manager | eq | 4.1 |
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.1%