Monday, September 24, 2018

IBM Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments allow legacy SSL/TLS protocols and ciphers to be used (CVE-2018-1545)

Sep 24, 2018 9:01 am EDT

Categorized: Medium Severity

Share this post:

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments), allow legacy SSL/TLS protocols and ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.

CVE(s): CVE-2018-1545

Affected product(s) and affected version(s):

This security exposure affects the following products and levels:

  • IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:
    – 8.1.0.0 through 8.14.2 (Macintosh)
    8.1.0.0 through 8.1.4.1 (All other platforms)
    – 7.1.0.0 through 7.1.8.2
  • IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
    – 8.1.0.0 through 8.1.4.1
    – 7.1.0.0 through 7.1 8.2
  • IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
    – 8.1.0.0 through 8.1.4.0
    – 7.1.0.0 through 7.1.8.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10718013
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142649



from IBM Product Security Incident Response Team https://ift.tt/2Ic6J5R
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)