CVE-2019-4071: IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
gnu	patch	>= 0 < 2.7.1-4ubuntu2.4+esm1	2.7.1-4ubuntu2.4+esm1
ibm	spectrum_control	5.2.8 – 5.2.17.2	—
ibm	spectrum_control	5.3.0 – 5.3.1	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	spectrum_control_standard_edition	—	—
ibm	tivoli_storage_productivity_center	5.2.0 – 5.2.7.1	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv5.9MEDIUM