Jun 29, 2019 9:02 am EDT
Categorized: Medium Severity
Share this post:
The IBM Spectrum Protect (formerly Tivoli Storage Manager) Server may disclose the database restore password when using the dsmserv restore db command. This could allow another user to perform a database restore or possibly result in an old backup replacing the database.
CVE(s): CVE-2019-4140
Affected product(s) and affected version(s):
This vulnerability affects the following IBM Spectrum Protect (formerly Tivoli Storage Manager) Server levels:
- 8.1.0.0 through 8.1.7.xxx
- 7.1.0.0 through 7.1.9.200
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10883346
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158336
from IBM Product Security Incident Response Team https://ift.tt/2XeeVbH
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.