5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
The IBM Tivoli Storage Manger Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, IBM Tivoli Storage Manager HSM for Windows, and IBM Tivoli Storage Manager for Virtual Environments. Information about a security vulnerability affecting the IBM Tivoli Manager Client/API has been published in a security bulletin.
Bulletin update: TSM 7.1.5 server and 7.1.4.4 AIX, Linux x86, Windows client fixes are available.
Consult the security bulletin A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)for vulnerability details and information about the fixes.
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
IBM Tivoli Storage FlashCopy Manager (IBM Spectrum Protect Snapshot) for Windows version 4.1| Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage FlashCopy Manager for Windows version 3.2| Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage FlashCopy Manager for Windows version 3.1| Tivoli Storage Manager Client/API version 6.3
Note: Within the Tivoli Storage FlashCopy Manager on Windows product, the Tivoli Storage Manager client is also referred to as the FlashCopy Manager VSS Requestor component.
.
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (IBM Spectrum Protect for Databases) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 5.5 | |
(End of Life Cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5 |
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
Tivoli Storage Manager for Databases: Data Protection for Oracle (IBM Spectrum Protect for Databases) on Windows version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 5.5 | |
(End of Life Cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5 |
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (IBM Spectrum Protect for Mail) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 5.5 | |
(End of life cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5 |
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Tivoli Storage Manager for Mail: Data Protection for Domino (IBM Spectrum Protect for Mail) on Windows version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 5.5 | |
(End of life cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5 |
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Tivoli Storage Manager HSM for Windows (IBM Spectrum Protect HSM for Windows) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
IBM Tivoli Manager HSM for Windows version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
IBM Tivoli Manager HSM for Windows version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
Note: Be aware that all HSM for Windows functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ. |
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
Notes: Within the Tivoli Storage Manager for Virtual Environments: Data Protection for VMware product, the Tivoli Storage Manager client is also referred to as the data mover. Be aware that all Data Protection for VMware functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ. | |
. Principal Product and Version(s) | Affected Supporting Product and Version |
— | — |
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for Microsoft Hyper-V (IBM Spectrum Protect for Virtual Environments) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
Notes: Within the Tivoli Storage Manager for Virtual Environments: Data Protection for Microsoft Hyper-V product, the Tivoli Storage Manager client is also referred to as the data mover. Be aware that all Data Protection for Hyper-V functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ |
Refer to the security bulletin A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)
Refer to the security bulletin A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N