IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center is vulnerable to cross-site scripting which can result in disclosure of credentials within a trusted session.
CVE(s): CVE-2018-1854, CVE-2018-1855
Affected product(s) and affected version(s):
The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:
- 8.1.0.000 through 8.1.6.100
- 7.1.0.000 through 7.1.9.100
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10735913
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151015
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151017
The post IBM Security Bulletin: Cross-Site Scripting vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2018-1854, CVE-2018-1855) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2XqhGaU
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.