A stack trace may be displayed in error messages generated by IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center.
CVEID: CVE-2019-4129 DESCRIPTION: IBM Spectrum Protect Operations Center could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158279> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:
IBM Spectrum Protect
Operations Center Release | First Fixing
VRM Level | Platform | Link to Fix
—|—|—|—
8.1 | 8.1.8 | AIX
Linux
Windows |
<https://www.ibm.com/support/docview.wss?uid=ibm10888465>
7.1
|
7.1.9.300
| AIX
Linux
Windows |
<ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/7.1.9.300>
None.