Vulnerability Details CVE-2019-4087
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.084
EPSS Ranking 91.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-4087
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.0.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.1.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.3.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.4.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.5.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.6.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.7.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.8.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:7.1.9.200
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:8.1.0.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:8.1.1.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:8.1.2.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:8.1.3.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:8.1.4.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:8.1.5.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:8.1.6.000
-
cpe:2.3:a:ibm:spectrum_protect_operations_center:8.1.7.000