Feb 07, 2019 - 10:50 p.m.

Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments allow Triple DES (3DES) ciphers to be used (CVE-2018-1785)

2019-02-07 22:50:01
www.ibm.com

EPSS: 0.002 (Low), Percentile: 56.3%

Summary

IBM Spectrum Protect (formerly Tivoli Storage Manager) and IBM Spectrum Protect for Virtual Environments allow Triple DES (3DES) ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.

Vulnerability Details

CVEID: CVE-2018-1785
DESCRIPTION: IBM Tivoli Storage Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148870> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

This security exposure affects the following products and levels:

  • IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:
    - 8.1.0.0 through 8.14.2 (Macintosh)
    - 8.1.0.0 through 8.1.4.1 (All other platforms)
    - 7.1.0.0 through 7.1.8.3

  • IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
    - 8.1.0.0 through 8.1.4.1
    - 7.1.0.0 through 7.1 8.2

  • IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
    - 8.1.0.0 through 8.1.4.0
    - 7.1.0.0 through 7.1.8.0

Remediation/Fixes

| IBM Spectrum Protect Client Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
|---|---|---|---|---|
| 8.1 | 8.1.6 | IT25661 | AIX, Linux, Macintosh, Solaris, Windows | <http://www.ibm.com/support/docview.wss?uid=swg24044969> |
| 7.1 | 7.1.8.4 | IT25661 | AIX, HP-UX, Linux, Macintosh, Solaris, Windows | <http://www.ibm.com/support/docview.wss?uid=swg24044550> |

| Data Protection for VMware Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
|---|---|---|---|---|
| 8.1 | 8.1.6 | IT26341 | Linux, Windows | <https://www.ibm.com/support/docview.wss?uid=swg24044948> |
| 7.1 | | | Linux, Windows | Apply the above 7.1.8.4 client fix using the following link: <http://www.ibm.com/support/docview.wss?uid=swg24044550> |

| Data Protection for Hyper-V Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
|---|---|---|---|---|
| 8.1 | 8.1.6 | IT26342 | Windows | <https://www.ibm.com/support/docview.wss?uid=swg24044948> |
| 7.1 | | | Windows | Apply the above 7.1.8.4 client fix using the following link: <http://www.ibm.com/support/docview.wss?uid=swg24044550> |

Workarounds and Mitigations

None
