Wednesday, August 31, 2016

IBM Security Bulletin: IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware GUI User May Gain Administrator Authority

A vulnerability exists in the IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware GUI (IBM Spectrum Protect™ for Virtual Environments) where an authenticated user can execute GUI functions that require the Tivoli Storage Manager administrative credentials without having these credentials.

CVE(s): CVE-2016-2988

Affected product(s) and affected version(s):

The following levels of IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) are affected:

  • 7.1.0.0 through 7.1.4.x
  • 6.4.0.0 through 6.4.3.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2bJeCzw
X-Force Database: http://ift.tt/2bROeHm



from IBM Product Security Incident Response Team http://ift.tt/2bJcR5q

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.