IBM Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments allow Triple DES (3DES) ciphers to be used (CVE-2018-1785)

Sep 24, 2018 9:01 am EDT

Categorized: Low Severity

Share this post:

IBM Spectrum Protect (formerly Tivoli Storage Manager) and IBM Spectrum Protect for Virtual Environments allow Triple DES (3DES) ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.

CVE(s): CVE-2018-1785

Affected product(s) and affected version(s):

This security exposure affects the following products and levels:

• IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:
  – 8.1.0.0 through 8.14.2 (Macintosh)
  8.1.0.0 through 8.1.4.1 (All other platforms)
  – 7.1.0.0 through 7.1.8.3
• IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
  – 8.1.0.0 through 8.1.4.1
  – 7.1.0.0 through 7.1 8.2
• IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
  – 8.1.0.0 through 8.1.4.0
  – 7.1.0.0 through 7.1.8.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10729873
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148870

from IBM Product Security Incident Response Team https://ift.tt/2Ia4i3E