Data Processing Errors

CVE-2019-4236

Medium

5.1/10

Summary

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-19 - Data Processing Errors

Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

References

Advisory Timeline

Published Jul 22, 2019

Data Processing Errors

CVE-2019-4236

Summary

CWE-19 - Data Processing Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS