Silent Skipping of ACL Entries in IBM Spectrum Protect 7.l Client Backup or Archive Operation

Silent Skipping of ACL Entries in IBM Spectrum Protect 7.l Client Backup or Archive Operation

CVE-2019-4236 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.

Learn more about our Cis Benchmark Audit For Ibm I.