The IBM Spectrum Protect (formerly Tivoli Storage Manager) Server may use a weak algorithm for encrypting passwords.
CVEID: CVE-2017-1339
DESCRIPTION: IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum Protect client or administrator password, which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
This vulnerability affects the following IBM Spectrum Protect (formerly Tivoli Storage Manager) server levels:

IBM Spectrum Protect (Tivoli Storage Manager) Server Release | Fixing VRM Level | Platform | Link to Fix / Fix Availability Target
---|---|---|---
8.1 | (8.1.2) 8.1.3 | AIX, Linux, Windows | Although this issue has been fixed in 8.1.2, it is recommended to upgrade to 8.1.3 of the server using the following link: <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/server/v8r1/>
7.1 | 7.1.8 | AIX, HP-UX, Linux, Solaris, Windows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/server/v7r1/>
6.3 and below | | | 6.3 and below are EOS. Customers on these releases can upgrade the server to a fixed level (8.1.3/8.1.2 or 7.1.8). Note that 6.4 shipped with 6.3 servers.

None