When tracing is enabled, the IBM Spectrum Protect Client trace file may display the password in plain text. This affects IBM Spectrum Protect (formerly Tivoli Storage Manager) for Space Management.
CVEID: CVE-2018-1882 DESCRIPTION: In a certain atypical IBM Spectrum Protect configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file.
CVSS Base Score: 4.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151968> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
The following levels of IBM Spectrum Protect for Space Management (formerly Tivoli Storage Manager for Space Management) are affected:
Client Release
|
First Fixing VRM Level
|
Platform
|
Link to Fix
—|—|—|—
8.1
|
8.1.7
|
AIX
Linux
|
[http://www.ibm.com/support/docview.wss?uid=ibm10788381](<http://www.ibm.com/support/docview.wss?uid=ibm10788381 >)
7.1
|
7.1.8.5
|
AIX
Linux
|
http://www.ibm.com/support/docview.wss?uid=swg24044240
To minimize exposure to this vulnerability, do not use tracing in the options file (dsm.opt) unless instructed to do so by IBM and delete existing trace files that are no longer needed.