IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-3139, CVE-2018-3180)

Multiple vulnerabilities in IBM® Runtime Environment Java were disclosed as part of the IBM Java SDK updates in October 2018. IBM® Runtime Environment Java is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware and Data Protection for Hyper-V.

CVE(s): CVE-2018-3139, CVE-2018-3180

Affected product(s) and affected version(s):

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware are affected:

• 8.1.0.0 through 8.1.6.1
• 7.1.0.0 through 7.1.8.4

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V are affected:

• 8.1.4.0 through 8.1.6.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10869966
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497

The post IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-3139, CVE-2018-3180) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2FMGPVl