The IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim.
CVEID: CVE-2018-1853
DESCRIPTION: IBM Tivoli Storage Manager could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151014> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
The following versions of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client are affected:
| Spectrum Protect Backup-Archive Client Release | First Fixing VRM Level | Platform | Link to Fix |
|---|---|---|---|
| 8.1 | 8.1.7 | AIX, Linux, Macintosh, Solaris, Windows | <https://www.ibm.com/support/docview.wss?uid=ibm10872618> |
| 7.1 | 7.1.8.5 | AIX, HP-UX, Linux, Macintosh, Solaris, Windows | <http://www.ibm.com/support/docview.wss?uid=swg24044550> |

None.