IBM664A70D0A28506668D22931D3F2677E91E0AF7A4D1DAE56752847A50788F0339Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2019-4129)
0.001 Low
EPSS
Percentile
42.1%
Summary
A stack trace may be displayed in error messages generated by IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center.
Vulnerability Details
CVEID: CVE-2019-4129 DESCRIPTION: IBM Spectrum Protect Operations Center could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158279> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:
- 8.1.0.000 through 8.1.7.xxx
- 7.1.0.000 through 7.1.9.200
Remediation/Fixes
IBM Spectrum Protect
Operations Center Release | First Fixing
VRM Level | Platform | Link to Fix
—|—|—|—
8.1 | 8.1.8 | AIX
Linux
Windows |
<https://www.ibm.com/support/docview.wss?uid=ibm10888465>
7.1
|
7.1.9.300
| AIX
Linux
Windows |
<ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/7.1.9.300>
Workarounds and Mitigations
None.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum protect | eq | 8.1 | |
| ibm spectrum protect | eq | 7.1 | |
| tivoli storage manager | eq | 7.1 |
Related
0.001 Low
EPSS
Percentile
42.1%