Apr 02, 2019 - 3:30 p.m.

Security Bulletin: IBM Spectrum Protect Client Web Interface is vulnerable to a clickjacking attack (CVE-2018-1853)

2019-04-02 15:30:02
www.ibm.com

EPSS: 0.001 (Low)
Percentile: 40.2%

Summary

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim.

Vulnerability Details

CVEID: CVE-2018-1853
DESCRIPTION: IBM Tivoli Storage Manager could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151014> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

The following versions of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client are affected:

  • 8.1.0.0 through 8.1.6.1
  • 7.1.0.0 through 7.1.8.4

Remediation/Fixes

Spectrum Protect Backup-Archive Client Release | First Fixing VRM Level | Platform | Link to Fix
---|---|---|---
8.1 | 8.1.7 | AIX, Linux, Macintosh, Solaris, Windows | <https://www.ibm.com/support/docview.wss?uid=ibm10872618>
7.1 | 7.1.8.5 | AIX, HP-UX, Linux, Macintosh, Solaris, Windows | <http://www.ibm.com/support/docview.wss?uid=swg24044550>
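The affected ranges and first fixing levels listed in this bulletin can be applied to a client inventory with a short script. The following is an added example, not IBM code; the function names, status labels and sample host names are assumptions made for illustration.

```python
# Affected ranges and first fixing levels as listed in this bulletin.
AFFECTED = [
    # (first affected, last affected, first fixing VRM level)
    ((8, 1, 0, 0), (8, 1, 6, 1), "8.1.7"),
    ((7, 1, 0, 0), (7, 1, 8, 4), "7.1.8.5"),
]


def parse_vrmf(text):
    """Parse 'V.R.M.F' (or shorter, e.g. '8.1.7') into a 4-tuple of ints."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a VRMF version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def triage(version):
    """Return (status, first_fix) for one client version string."""
    v = parse_vrmf(version)
    for low, high, fix in AFFECTED:
        if low <= v <= high:
            return "affected", fix
        if v[:2] == low[:2] and v > high:
            return "fixed", None
    # Releases the bulletin does not list are reported as such, not as safe.
    return "not-listed", None


def triage_inventory(rows):
    """rows: iterable of (host, version). Unparseable versions are flagged."""
    report = {}
    for host, version in rows:
        try:
            report[host] = triage(version)
        except ValueError:
            report[host] = ("unparseable", None)
    return report


if __name__ == "__main__":
    # Constructed inventory; host names are placeholders.
    sample = [("host-a", "8.1.6.1"), ("host-b", "8.1.7"), ("host-c", "7.1.8.4"),
              ("host-d", "7.1.8.5"), ("host-e", "6.4.3.0"), ("host-f", "8.1.x")]
    for host, (status, fix) in triage_inventory(sample).items():
        print(f"{host}: {status}" + (f" (upgrade to {fix} or later)" if fix else ""))
```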

Workarounds and Mitigations

None.
