5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL, used by the Tivoli Storage Manager Client, has addressed the applicable CVEs.
CVEID: CVE-2015-0287**
DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This security exposure affects network connections between the Tivoli Storage Manager (IBM Spectrum Protect) Client and VMware services. This exposure affects:
Tivoli Storage Manager Client Release
| Fixing VRM Level|**_
Platform_|Link to Fix / Fix Availability Target**
—|—|—|—
7.1| 7.1.4| VMware
Linux x86
Windows x64| http://www.ibm.com/support/docview.wss?uid=swg24041076
7.1| 7.1.6.3| NetApp
AIX
Linux x86
Windows x32
Windows x64| http://www.ibm.com/support/docview.wss?uid=swg24042496
6.4| 6.4.3.2| VMware
Linux x86
Windows x64| http://www.ibm.com/support/docview.wss?uid=swg24041144
6.4| 6.4.3.4| NetApp
AIX
Linux x86
Windows x64| http://www.ibm.com/support/docview.wss?uid=swg24041144
6.4|
| VMware/NetApp
Windows x32| IBM recommends upgrading the machine to 64-bit and using the TSM 6.4 or 7.1 Windows x64 client with the 7.1 (7.1.4 or 7.1.6.3) or 6.4.(6.4.3.2/6.4.3.4) fix. Please refer to APAR IT13174 for more information about Windows x32 and VMware backups.
6.3 and 6.2|
|
| IBM recommends VMware/NetApp users upgrade to a fixed level of 7.1 (7.1.4 for VMware, 7.1.6.3 for NetApp) or 6.4 (6.4.3.2 for VMware, 6.4.3.4 for NetApp).
Tivoli Storage Manager for Virtual Environments: Data Protection for VMware Release|Fixing VRM Level|_
Platform_|Link to Fix / Fix Availability Target
—|—|—|—
7.1| 7.1.4| Linux x86
Windows x64| <http://www.ibm.com/support/docview.wss?uid=swg24041094>
6.4|
| Linux x86
Windows x64| Apply the TSM client fixing level (6.4.3.2)
6.4|
| Windows x32| IBM recommends upgrading the machine to 64-bit and using the TSM 6.4 Windows x64 client with the 6.4.3.2 fix. Please refer to APAR IT13174 for more information about Windows x32 and Data Protection for VMware.
6.3|
|
| IBM recommends Tivioli Storage Manager for Virtual Environments: Data Protection for VMware 6.3 users upgrade to 6.4 and apply the TSM client fixing level (6.4.3.2) or upgrade to 7.1.4.
None