IBMA30E4544C5E074CE57CB8D614F1556F7E98DCF28ADDCA0B3439A666233F29EBASecurity Bulletin: Password disclosure via trace file affects IBM Spectrum Protect for Space Management (CVE-2018-1882)
EPSS
Percentile
23.8%
Summary
When tracing is enabled, the IBM Spectrum Protect Client trace file may display the password in plain text. This affects IBM Spectrum Protect (formerly Tivoli Storage Manager) for Space Management.
Vulnerability Details
CVEID: CVE-2018-1882 DESCRIPTION: In a certain atypical IBM Spectrum Protect configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file.
CVSS Base Score: 4.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151968> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
The following levels of IBM Spectrum Protect for Space Management (formerly Tivoli Storage Manager for Space Management) are affected:
- 8.1.0.0 through 8.1.6.1
- 7.1.0.0 through 7.1.8.4
Remediation/Fixes
Client Release
|
First Fixing VRM Level
|
Platform
|
Link to Fix
—|—|—|—
8.1
|
8.1.7
|
AIX
Linux
|
[http://www.ibm.com/support/docview.wss?uid=ibm10788381](<http://www.ibm.com/support/docview.wss?uid=ibm10788381 >)
7.1
|
7.1.8.5
|
AIX
Linux
|
http://www.ibm.com/support/docview.wss?uid=swg24044240
Workarounds and Mitigations
To minimize exposure to this vulnerability, do not use tracing in the options file (dsm.opt) unless instructed to do so by IBM and delete existing trace files that are no longer needed.
Related
EPSS
Percentile
23.8%