Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM99AC26B06343466CDEBCB8C1B5F6A1F9EBC8A8A3B7797C0232883F934D7BD90D
HistoryApr 02, 2019 - 3:20 p.m.

Security Bulletin: Password Exposure in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments on Windows platforms (CVE-2018-1787)

2019-04-0215:20:01
www.ibm.com
8

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary

IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client and IBM Spectrum Protect for Virtual Environments on Windows are affected by a password exposure vulnerability caused by insecure file permissions.

Vulnerability Details

CVEID: CVE-2018-1787 DESCRIPTION: IBM Spectrum Protect is affected by a password exposure vulnerability caused by insecure file permissions.
CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148872&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

This security exposure affects the following products and levels:

  • IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client levels:
    - 8.1.2.0 through 8.1.6.0
    - 7.1.8.0 through 7.1.8.4

  • IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
    - 8.1.2.0 through 8.1.6.0
    - 7.1.8.0 through 7.1 8.4

  • IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
    - 8.1.2.0 through 8.1.6.0
    - 7.1.8.0

Remediation/Fixes

** Backup-Archive Client Release** |

First Fixing VRM Level

| APAR | Platform | Link to Fix
—|—|—|—|—
8.1 | 8.1.6.1 | IT26060 | Windows |

<http://www.ibm.com/support/docview.wss?uid=swg24043653&gt;

7.1 | 7.1.8.5 | IT26060 | Windows |

<http://www.ibm.com/support/docview.wss?uid=swg24044550&gt;

Data Protection for VMware Release | First Fixing
VRM Level | APAR | Platform | Link to Fix
—|—|—|—|—
8.1 | 8.1.6.1 | IT26644 | Windows |

<http://www.ibm.com/support/docview.wss?uid=ibm10739257&gt;

7.1 | 7.1.8.5 | IT26644 | Windows |

Data Protection for VMware 7.1 customers can upgrade to Data Protection for VMware 7.1.8.5 or apply the above 7.1.8.5 client fix.
Data Protection for VMware 7.1.8.5 link:
<https://www.ibm.com/support/docview.wss?uid=swg24044553&gt;
Client 7.1.8.5 link:
<http://www.ibm.com/support/docview.wss?uid=swg24044550&gt;

Data Protection for Hyper-V Release |

First Fixing__** VRM Level**

| APAR | Platform | Link to Fix
—|—|—|—|—
8.1 | 8.1.6.1 | IT26645 | Windows | <http://www.ibm.com/support/docview.wss?uid=ibm10739263&gt;
7.1 | | | Windows |

Apply the above 7.1.8.5 client fix using the following link:
<http://www.ibm.com/support/docview.wss?uid=swg24044550&gt;

Workarounds and Mitigations

The clustersharedfolder option can be used on Windows to specify the directory location on an NTFS formatted volumes in which to store an encrypted password file for cluster backup which will contain the correct privileges.

Related

prion 1
nvd 1
cvelist 1
cve 1
prion
prion
Cross site scripting
2019-04-08 15:29:00
nvd
nvd
CVE-2018-1787
2019-04-08 15:29:00
cvelist
cvelist
CVE-2018-1787
2019-04-02 00:00:00
cve
cve
CVE-2018-1787
2019-04-08 15:29:00

0.0004 Low

EPSS

Percentile

12.6%

JSON
Related for 99AC26B06343466CDEBCB8C1B5F6A1F9EBC8A8A3B7797C0232883F934D7BD90D
prion1nvd1cvelist1cve1