The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments), allow legacy SSL/TLS protocols and ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.
CVEID: CVE-2018-1545 DESCRIPTION: IBM Tivoli Storage Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142649> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
This security exposure affects the following products and levels:
IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:
- 8.1.0.0 through 8.14.2 (Macintosh)
8.1.0.0 through 8.1.4.1 (All other platforms)
- 7.1.0.0 through 7.1.8.2
IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
- 8.1.0.0 through 8.1.4.1
- 7.1.0.0 through 7.1 8.2
IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
- 8.1.0.0 through 8.1.4.0
- 7.1.0.0 through 7.1.8.0
IBM Spectrum Protect Client Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.6 | IT24684 | AIX | |
Linux | ||||
Macintosh | ||||
Solaris | ||||
Windows | http://www.ibm.com/support/docview.wss?uid=swg24044969 | |||
7.1 | 7.1.8.3 | IT24684 | AIX | |
HP-UX | ||||
Linux | ||||
Macintosh | ||||
Solaris | ||||
Windows | http://www.ibm.com/support/docview.wss?uid=swg24044550 |
.
Data Protection for VMware Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.6 | IT25260 | Linux | |
Windows |
http://www.ibm.com/support/docview.wss?uid=swg24044948
7.1 | | | Linux
Windows |
Apply the above 7.1.8.3 client fix using the following link:
http://www.ibm.com/support/docview.wss?uid=swg24044550
.
Data Protectin for Hyper-V Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.4.2 | IT25261 | Windows |
Can either upgrade to 8.1.4.2 or 8.1.6 for the fix.
Link to 8.1.4.2:
http://www.ibm.com/support/docview.wss?uid=swg24044927
Link to 8.1.6:
http://www.ibm.com/support/docview.wss?uid=swg24044948
7.1 | | | Windows |
Apply the above 7.1.8.3 client fix using the following link:
http://www.ibm.com/support/docview.wss?uid=swg24044550
.
None