Lucene search

IBMF40B1900ED95787704AA565F5B2FB63D0BD5E56CF01F7573C9CE369A71F287DD

HistoryFeb 07, 2019 - 10:55 p.m.

Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect (formerly Tivoli Storage Manager) Client, IBM Spectrum Protect for Virtual Environments: Data Protection for VMware, and IBM Spectrum Protect for Space Management (CVE-2018-1550)

2019-02-0722:55:01

www.ibm.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client, IBM Spectrum Protect: Data Protection for VMware, and IBM Spectrum Protect for Space Management could allow a local user to corrupt or delete sensitive information that could cause a denial of service.

Vulnerability Details

CVEID: CVE-2018-1550 DESCRIPTION: IBM Spectrum Protect could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142696> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

This security exposure affects the following products and levels:

IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:
- 8.1.2.0 through 8.14.2 (Macintosh)
8.1.2.0 through 8.1.4.1 (All other platforms)
- 7.1.8.0 through 7.1.8.2
IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
- 8.1.2.0 through 8.1.4.1
- 7.1.8.0 through 7.1 8.2
IBM Spectrum Protect for Space Management (formerly Tivoli Storage Manager for Space Management)
- 8.1.2.0 through 8.1.4.1
- 7.1.8.0 through 7.1.8.2

Remediation/Fixes

IBM Spectrum Protect Client Release

First Fixing VRM Level

APAR

Platform

Link to Fix

—|—|—|—|—

8.1

8.1.6

IT23846

AIX
Linux
Macintosh
Solaris

http://www.ibm.com/support/docview.wss?uid=swg24044969

7.1

7.1.8.3

IT23846

AIX
HP-UX
Linux
Macintosh
Solaris

http://www.ibm.com/support/docview.wss?uid=swg24044550

IBM Spectrum Protect for Virtual Environments: Data Protection for VMware Release

First Fixing VRM Level

APAR

Platform

Link to Fix

—|—|—|—|—

8.1

8.1.6

IT25380

Linux

http://www.ibm.com/support/docview.wss?uid=swg24044948

7.1

Linux

Apply the above 7.1.8.3 client fix using the following link:
http://www.ibm.com/support/docview.wss?uid=swg24044550

IBM Spectrum Protect for Space Management Release

First Fixing VRM Level

Platform

Link to Fix

—|—|—|—

8.1

8.1.6

AIX
Linux

| http://www.ibm.com/support/docview.wss?uid=swg24044982

7.1

7.1.8.3

AIX
Linux

http://www.ibm.com/support/docview.wss?uid=swg24044240

CPENameOperatorVersion
ibm spectrum protecteq8.1
ibm spectrum protecteq7.1
tivoli storage managereq7.1
ibm spectrum protect for virtual environmentseq8.1
ibm spectrum protect for virtual environmentseq7.1
tivoli storage manager for virtual environmentseq7.1
ibm spectrum protect for space managementeq8.1
ibm spectrum protect for space managementeq7.1
tivoli storage manager for space managementeq7.1

Name	Operator	Version
ibm spectrum protect	eq	8.1
ibm spectrum protect	eq	7.1
tivoli storage manager	eq	7.1
ibm spectrum protect for virtual environments	eq	8.1
ibm spectrum protect for virtual environments	eq	7.1
tivoli storage manager for virtual environments	eq	7.1
ibm spectrum protect for space management	eq	8.1
ibm spectrum protect for space management	eq	7.1
tivoli storage manager for space management	eq	7.1

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for F40B1900ED95787704AA565F5B2FB63D0BD5E56CF01F7573C9CE369A71F287DD