IBM Tivoli Storage Productivity Center 5.2.0 Remote Code Execution Vulnerability

Summary

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 157063.

Credit:

The information has been provided by IBM.
The original article can be found at: http://www.ibm.com/support/docview.wss?uid=ibm10872900


Details

IBM Tivoli Storage Productivity Center is prone to a remote code-execution vulnerability. A remote attacker who exploits this issue can execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • IBM Tivoli Storage Productivity Center 5.2.0
  • IBM Spectrum Control 5.2.8
  • IBM Spectrum Control 5.3.0
  • IBM Spectrum Control 5.3.1

CVE Information:
CVE-2019-4071

Disclosure Timeline:
Publish Date: 05/09/2019