7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
IBM Spectrum Protect for Workstations ((formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about security vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in security bulletins.
Please consult the following WebSphere Application Server security bulletins for vulnerability details and information about the fixes:
<https://www.ibm.com/support/docview.wss?uid=ibm10795115>
<https://www.ibm.com/support/docview.wss?uid=ibm10869570>
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console versions:
- 8.1.0.0 through 8.1.2.x
- 7.1.0.0 through 7.1.8.x | IBM WebSphere Application Server Liberty:
- versions prior to 19.0.0.3 for CVE-2018-1902
- versions prior to 19.0.0.4 for CVE-2019-4046
Upgrading Liberty to 19.0.0.4 or later fixes both of the security issues reported by the following IBM WebSphere Application Server security bulletins:
<https://www.ibm.com/support/docview.wss?uid=ibm10795115>
<https://www.ibm.com/support/docview.wss?uid=ibm10869570>
To upgrade the version of Liberty used by Central Administration Console (CAC):
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P