IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046)

Potential spoofing and denial of service vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments.

CVE(s): CVE-2018-1902, CVE-2019-4046

Affected product(s) and affected version(s):
The following products and versions are affected by this vulnerability:

• IBM Spectrum Protect (formerly Tivoli Storage Manager) Client web user interface versions:
  – 8.1.7 and 8.1.7.1
• IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions:
  – 8.1.0.0 through 8.1.7.0
  – 7.1.0.0 through 7.1.8.5
• IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions:
  – 8.1.4.0 through 8.1.7.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10884082
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152531
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156242

The post IBM Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2Y7TiOJ