When tracing is enabled, the IBM Spectrum Protect Backup-Archive Client trace file may display the password in plain text. This affects the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client and IBM Spectrum Protect for Virtual Environments.
CVE(s): CVE-2018-1882
Affected product(s) and affected version(s):
This security exposure affects the following products and levels:
- IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client levels:
– 8.1.0.0 through 8.1.6.1
– 7.1.0.0 through 7.1.8.4 - IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
– 8.1.0.0 through 8.1.6.1
– 7.1.0.0 through 7.1 8.4 - IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
– 8.1.0.0 through 8.1.6.1
– 7.1.0.0 through 7.1.8.0 -
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10869208
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151968The post IBM Security Bulletin: Password disclosure via trace file affects IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1882) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2FYTtRp
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.