Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM30A3CAC19C129D80DB1B8D984BDE365B547F5EF33C7D9E757777F685B48F947D
HistoryJun 17, 2018 - 3:30 p.m.

Security Bulletin: A security vulnerability has been identified in IBM Tivoli Storage Manager that affects multiple IBM Tivoli Storage products (CVE-2016-0371)

2018-06-1715:30:32
www.ibm.com
12

0.0004 Low

EPSS

Percentile

12.7%

JSON

Summary

The IBM Tivoli Storage Manger Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager HSM for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, and IBM Tivoli Storage Manager for Virtual Environments. Information about a security vulnerability affecting the IBM Tivoli Manager Client/API has been published in a security bulletin.

Vulnerability Details

Consult the security bulletin Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371)for vulnerability details and information about the fixes

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Tivoli Storage FlashCopy Manager (IBM Spectrum Protect Snapshot) for Windows version 4.1| Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage FlashCopy Manager for Windows version 3.2| Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage FlashCopy Manager for Windows version 3.1| Tivoli Storage Manager Client/API version 6.3
Note: Within the Tivoli Storage FlashCopy Manager on Windows product, the Tivoli Storage Manager client is also referred to as the FlashCopy Manager VSS Requestor component.

Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Storage Manager HSM for Windows (IBM Spectrum Protect HSM for Windows) version 7.1 Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Manager HSM for Windows version 6.4 Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Manager HSM for Windows version 6.3 and below Release 6.3 (and below) are end of support and end of life cycle. Customers should upgrade to a fixed level (7.1 or 6.4)
Note: Be aware that all HSM for Windows functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ.
Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (IBM Spectrum Protect for Databases) version 7.1 Tivoli Storage Manager Client/API version 7.1
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.4 Tivoli Storage Manager Client/API version 6.4
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.3 Tivoli Storage Manager Client/API version 6.3
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 5.5
(End of Life Cycle 4/30/2017) Tivoli Storage Manager Client/API version 5.5
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3).
Principal Product and Version(s) Affected Supporting Product and Version
Tivoli Storage Manager for Databases: Data Protection for Oracle (IBM Spectrum Protect for Databases) version 7.1 Tivoli Storage Manager Client/API version 7.1
Tivoli Storage Manager for Databases: Data Protection for Oracle version 6.4 Tivoli Storage Manager Client/API version 6.4
Tivoli Storage Manager for Databases: Data Protection for Oracle version 6.3 Tivoli Storage Manager Client/API version 6.3
Tivoli Storage Manager for Databases: Data Protection for Oracle version 5.5
(End of Life Cycle 4/30/2017) Tivoli Storage Manager Client/API version 5.5
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3).
Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (IBM Spectrum Protect for Mail) version 7.1 Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.4 Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.3 Tivoli Storage Manager Client/API version 6.3
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 5.5
(End of life cycle 4/30/2017) Tivoli Storage Manager Client/API version 5.5
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3).
Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Storage Manager for Mail: Data Protection for Domino (IBM Spectrum Protect for Mail) on Windows version 7.1 Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.4 Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.3 Tivoli Storage Manager Client/API version 6.3
IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 5.5
(End of life cycle 4/30/2017) Tivoli Storage Manager Client/API version 5.5
Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3).
Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) version 7.1 Tivoli Storage Manager Client/API version 7.1
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.4 Tivoli Storage Manager Client/API version 6.4
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.3 Tivoli Storage Manager Client/API version 6.3
Notes: Within the Tivoli Storage Manager for Virtual Environments: Data Protection for VMware product, the Tivoli Storage Manager client is also referred to as the data mover. Be aware that all Data Protection for VMware functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ.
. Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for Microsoft Hyper-V (IBM Spectrum Protect for Virtual Environments) version 7.1 Tivoli Storage Manager Client/API version 7.1
Notes: Within the Tivoli Storage Manager for Virtual Environments: Data Protection for Microsoft Hyper-V product, the Tivoli Storage Manager client is also referred to as the data mover. Be aware that all Data Protection for Hyper-V functional components, which includes the TSM client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ

Remediation/Fixes

Refer to the security bulletin Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371)

Workarounds and Mitigations

Refer to the security bulletin Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371)

Related

openvas 3
nvd 1
ibm 2
prion 1
cve 1
cvelist 1
openvas
openvas
IBM TSM Client 'Password' Information Disclosure Vulnerability - Mac OS X
2017-06-02 00:00:00
IBM TSM Client 'Password' Information Disclosure Vulnerability - Windows
2017-06-02 00:00:00
IBM TSM Client 'Password' Information Disclosure Vulnerability - Linux
2017-06-02 00:00:00
nvd
nvd
CVE-2016-0371
2017-02-01 21:59:00
ibm
ibm
Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager for Space Management (CVE-2016-0371)
2018-06-17 15:28:40
Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371)
2018-06-17 15:24:35
prion
prion
Design/Logic Flaw
2017-02-01 21:59:00
cve
cve
CVE-2016-0371
2017-02-01 21:59:00
cvelist
cvelist
CVE-2016-0371
2017-02-01 21:00:00

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for 30A3CAC19C129D80DB1B8D984BDE365B547F5EF33C7D9E757777F685B48F947D
openvas3nvd1ibm2prion1cve1cvelist1