When tracing is enabled, the IBM Spectrum Protect Client trace file may display the password in plain text. This affects IBM Spectrum Protect (formerly Tivoli Storage Manager) for Space Management.
CVE(s): CVE-2018-1882
Affected product(s) and affected version(s):
The following levels of IBM Spectrum Protect for Space Management (formerly Tivoli Storage Manager for Space Management) are affected:
- 8.1.0.0 through 8.1.6.1
- 7.1.0.0 through 7.1.8.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10869436
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151968
The post IBM Security Bulletin: Password disclosure via trace file affects IBM Spectrum Protect for Space Management (CVE-2018-1882) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2Uk0ZAk
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.