Jun 17, 2018 - 3:18 p.m.

Security Bulletin: A security vulnerability has been identified in IBM Tivoli Storage Manager that affects multiple IBM Tivoli Storage products (CVE-2016-0201)

2018-06-17 15:18:01
www.ibm.com

CVSS3: 5.9 Medium

Metric| Value
—|—
Attack Vector| NETWORK
Attack Complexity| HIGH
Privileges Required| NONE
User Interaction| NONE
Scope| UNCHANGED
Confidentiality Impact| HIGH
Integrity Impact| NONE
Availability Impact| NONE

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium

Metric| Value
—|—
Access Vector| NETWORK
Access Complexity| MEDIUM
Authentication| NONE
Confidentiality Impact| PARTIAL
Integrity Impact| NONE
Availability Impact| NONE

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Summary

The IBM Tivoli Storage Manager Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, IBM Tivoli Storage Manager HSM for Windows, and IBM Tivoli Storage Manager for Virtual Environments. Information about a security vulnerability affecting the IBM Tivoli Manager Client/API has been published in a security bulletin.

Bulletin update: TSM 7.1.5 server and 7.1.4.4 AIX, Linux x86, Windows client fixes are available.

Vulnerability Details

Consult the security bulletin "A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)" for vulnerability details and information about the fixes.

Affected Products and Versions

Principal Product and Version(s)| Affected Supporting Product and Version
—|—
IBM Tivoli Storage FlashCopy Manager (IBM Spectrum Protect Snapshot) for Windows version 4.1| Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage FlashCopy Manager for Windows version 3.2| Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage FlashCopy Manager for Windows version 3.1| Tivoli Storage Manager Client/API version 6.3
Note: Within the Tivoli Storage FlashCopy Manager on Windows product, the Tivoli Storage Manager client is also referred to as the FlashCopy Manager VSS Requestor component.

Principal Product and Version(s)| Affected Supporting Product and Version
—|—
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (IBM Spectrum Protect for Databases) version 7.1| Tivoli Storage Manager Client/API version 7.1
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.4| Tivoli Storage Manager Client/API version 6.4
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.3| Tivoli Storage Manager Client/API version 6.3
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 5.5 (End of Life Cycle 4/30/2017)| Tivoli Storage Manager Client/API version 5.5
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3).

Principal Product and Version(s)| Affected Supporting Product and Version
—|—
Tivoli Storage Manager for Databases: Data Protection for Oracle (IBM Spectrum Protect for Databases) on Windows version 7.1| Tivoli Storage Manager Client/API version 7.1
Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 6.4| Tivoli Storage Manager Client/API version 6.4
Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 6.3| Tivoli Storage Manager Client/API version 6.3
Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 5.5 (End of Life Cycle 4/30/2017)| Tivoli Storage Manager Client/API version 5.5
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3).

Principal Product and Version(s)| Affected Supporting Product and Version
—|—
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (IBM Spectrum Protect for Mail) version 7.1| Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.4| Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.3| Tivoli Storage Manager Client/API version 6.3
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 5.5 (End of life cycle 4/30/2017)| Tivoli Storage Manager Client/API version 5.5
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3).

Principal Product and Version(s)| Affected Supporting Product and Version
—|—
IBM Tivoli Storage Manager for Mail: Data Protection for Domino (IBM Spectrum Protect for Mail) on Windows version 7.1| Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.4| Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.3| Tivoli Storage Manager Client/API version 6.3
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 5.5 (End of life cycle 4/30/2017)| Tivoli Storage Manager Client/API version 5.5
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3).

Principal Product and Version(s)| Affected Supporting Product and Version
—|—
IBM Tivoli Storage Manager HSM for Windows (IBM Spectrum Protect HSM for Windows) version 7.1| Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Manager HSM for Windows version 6.4| Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Manager HSM for Windows version 6.3| Tivoli Storage Manager Client/API version 6.3
Note: Be aware that all HSM for Windows functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ.

Principal Product and Version(s)| Affected Supporting Product and Version
—|—
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) version 7.1| Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.4| Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.3| Tivoli Storage Manager Client/API version 6.3
Notes: Within the Tivoli Storage Manager for Virtual Environments: Data Protection for VMware product, the Tivoli Storage Manager client is also referred to as the data mover. Be aware that all Data Protection for VMware functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ.

Principal Product and Version(s)| Affected Supporting Product and Version
—|—
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for Microsoft Hyper-V (IBM Spectrum Protect for Virtual Environments) version 7.1| Tivoli Storage Manager Client/API version 7.1
Notes: Within the Tivoli Storage Manager for Virtual Environments: Data Protection for Microsoft Hyper-V product, the Tivoli Storage Manager client is also referred to as the data mover. Be aware that all Data Protection for Hyper-V functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ.

Remediation/Fixes

Refer to the security bulletin "A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)".

Workarounds and Mitigations

Refer to the security bulletin "A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)".
