Lucene search
IBMA584A1C99F3494C8C9CBFF28310F2D8CDAA2FBCB1A812CA7F51E15F304B638EAHistoryDec 20, 2019 - 8:47 a.m.
Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4406)
2019-12-2008:47:33
www.ibm.com
13
EPSS
0
Percentile
12.6%
Summary
The IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client is vulnerable to a denial of service attack.
Vulnerability Details
CVEID:CVE-2019-4406
**DESCRIPTION:**The IBM Spectrum Protect Client may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162477 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client |
8.1.0.0-8.1.8.0
7.1.0.0-7.1.8.6
Remediation/Fixes
Spectrum Protect
| Backup-Archive Client Release | First Fixing VRM Level | ** APAR** | Platform | Link to Fix |
|---|---|---|---|---|
| 8.1 | 8.1.9 | IT29313 | AIX | |
| Linux | ||||
| Macintosh | ||||
| Solaris | ||||
| Windoes | <http://www.ibm.com/support/docview.wss?uid=ibm11108473> | |||
| 7.1 | 7.1.8.7 | IT29313 | AIX | |
| HP-UX | ||||
| Linux | ||||
| Macintosh | ||||
| Solaris | ||||
| Windows | <http://www.ibm.com/support/docview.wss?uid=swg24044550> |
Workarounds and Mitigations
None
Related
prion
prion
Design/Logic Flaw
2019-11-25 17:15:00
nvd
nvd
CVE-2019-4406
2019-11-25 17:15:12
cvelist
cvelist
CVE-2019-4406
2019-11-25 17:01:24
symantec
symantec
IBM Spectrum Protect CVE-2019-4406 Local Denial of Service Vulnerability
2019-11-22 00:00:00
cve
cve
CVE-2019-4406
2019-11-25 17:15:12
EPSS
0
Percentile
12.6%
Related for A584A1C99F3494C8C9CBFF28310F2D8CDAA2FBCB1A812CA7F51E15F304B638EA