Lucene search

IBM4C8CA1383C163507ED1B7874FEE70E6DCE4EDA7CBB08F7BF310F30881A0E0070

HistoryFeb 09, 2021 - 9:53 a.m.

Security Bulletin: Vulnerability in psutil affects IBM Spectrum Protect Plus backup and restore of Db2 and MongoDB databases (CVE-2019-18874)

2021-02-0909:53:06

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

Denial of service vulnerability in psutil may affect IBM Spectrum Protect Plus backup and restore of Db2 and MongoDB databases.

Vulnerability Details

CVEID:CVE-2019-18874
**DESCRIPTION:**psutil is vulnerable to a denial of service, caused by a double free. By using specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Spectrum Protect Plus Db2 database backup and restore
10.1.2-10.1.7
IBM Spectrum Protect Plus MongoDB database backup and restore	10.1.3-10.1.7

Remediation/Fixes

IBM Spectrum Protect Plus Release	First Fixing VRM Level	Platform	Link to Fix
10.1	10.1.7 ifix2
(10.1.7.2)
AIX
Linux	https://www.ibm.com/support/pages/node/6330495

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum protect pluseq10.1

CPE	Name	Operator	Version
	ibm spectrum protect plus	eq	10.1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for 4C8CA1383C163507ED1B7874FEE70E6DCE4EDA7CBB08F7BF310F30881A0E0070