SymmetricalDataSecurity: IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-6033)

Thursday, December 15, 2016

IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-6033)

IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect™ for Virtual Environments) and IBM Tivoli Storage FlashCopy Manager for VMware (IBM Spectrum Protect™ Snapshot) is vulnerable to cross-site request forgery. An attacker could execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVE(s): CVE-2016-6033

Affected product(s) and affected version(s):

The following products and versions are affected.

Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments):
– 7.1.0.0 through 7.1.6.3
Tivoli Storage FlashCopy Manager for VMware (IBM Spectrum Protect Snapshot):
– 4.1.0.0 through 4.1.6.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hACSpY
X-Force Database: http://ift.tt/2hxKo7X

from IBM Product Security Incident Response Team http://ift.tt/2hAwAXh

SymmetricalDataSecurity

Thursday, December 15, 2016

IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-6033)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews