2 matches found
CVE-2019-4357
IBM Spectrum Protect Plus vulnerable in 10.1.0–10.1.3 when protecting Oracle/DB2/MongoDB: a redirected restore operation with a target path may allow arbitrary code execution on the host. Affected components are the restore workflow and its path handling; user privileges required are HIGH with lo...
Security Bulletin: Privilege escalation and code injection vulnerabilities in IBM Spectrum Protect Plus application protection (CVE-2019-4383, CVE-2019-4357)
Summary IBM Spectrum Protect Plus application protection could allow a local attacker to gain elevated privileges or execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2019-4383 DESCRIPTION: When using Spectrum Protect Plus to protect Oracle or MongoDB databases, a redirected...