IBM Spectrum Protect (formerly Tivoli Storage Manager) and IBM Spectrum Protect for Virtual Environments allow Triple DES (3DES) ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.
CVEID: CVE-2018-1785 DESCRIPTION: IBM Tivoli Storage Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148870> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
This security exposure affects the following products and levels:
IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:
- 8.1.0.0 through 8.14.2 (Macintosh)
8.1.0.0 through 8.1.4.1 (All other platforms)
- 7.1.0.0 through 7.1.8.3
IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
- 8.1.0.0 through 8.1.4.1
- 7.1.0.0 through 7.1 8.2
IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
- 8.1.0.0 through 8.1.4.0
- 7.1.0.0 through 7.1.8.0
IBM Spectrum Protect Client Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.6 | IT25661 | AIX | |
Linux | ||||
Macintosh | ||||
Solaris | ||||
Windows |
<http://www.ibm.com/support/docview.wss?uid=swg24044969>
7.1 | 7.1.8.4 | IT25661 |
AIX
HP-UX
Linux
Macintosh
Solaris
Windows
|
<http://www.ibm.com/support/docview.wss?uid=swg24044550>
.
Data Protection for VMware Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.6 | IT26341 | Linux | |
Windows |
<https://www.ibm.com/support/docview.wss?uid=swg24044948>
7.1 | | | Linux
Windows |
Apply the above 7.1.8.4 client fix using the following link:
<http://www.ibm.com/support/docview.wss?uid=swg24044550>
.
Data Protectin for Hyper-V Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.6 | IT26342 | Windows |
<https://www.ibm.com/support/docview.wss?uid=swg24044948>
7.1 | | | Windows |
Apply the above 7.1.8.4 client fix using the following link:
<http://www.ibm.com/support/docview.wss?uid=swg24044550>
.
None