Feb 07, 2019 - 10:55 p.m.

Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments allow legacy SSL/TLS protocols and ciphers to be used (CVE-2018-1545)

2019-02-07 22:55:01
www.ibm.com

EPSS: 0.001 (Low), Percentile: 41.5%

Summary

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments) allow legacy SSL/TLS protocols and ciphers to be used. This can result in the use of weaker-than-expected cryptographic algorithms.

Vulnerability Details

CVEID: CVE-2018-1545
DESCRIPTION: IBM Tivoli Storage Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142649> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

This security exposure affects the following products and levels:

  • IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:
    - 8.1.0.0 through 8.14.2 (Macintosh)
    - 8.1.0.0 through 8.1.4.1 (All other platforms)
    - 7.1.0.0 through 7.1.8.2

  • IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
    - 8.1.0.0 through 8.1.4.1
    - 7.1.0.0 through 7.1.8.2

  • IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
    - 8.1.0.0 through 8.1.4.0
    - 7.1.0.0 through 7.1.8.0

Remediation/Fixes

| IBM Spectrum Protect Client Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
|---|---|---|---|---|
| 8.1 | 8.1.6 | IT24684 | AIX, Linux, Macintosh, Solaris, Windows | http://www.ibm.com/support/docview.wss?uid=swg24044969 |
| 7.1 | 7.1.8.3 | IT24684 | AIX, HP-UX, Linux, Macintosh, Solaris, Windows | http://www.ibm.com/support/docview.wss?uid=swg24044550 |

| Data Protection for VMware Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
|---|---|---|---|---|
| 8.1 | 8.1.6 | IT25260 | Linux, Windows | http://www.ibm.com/support/docview.wss?uid=swg24044948 |
| 7.1 | | | Linux, Windows | Apply the above 7.1.8.3 client fix using the following link: http://www.ibm.com/support/docview.wss?uid=swg24044550 |

| Data Protection for Hyper-V Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
|---|---|---|---|---|
| 8.1 | 8.1.4.2 | IT25261 | Windows | Upgrade to either 8.1.4.2 or 8.1.6 for the fix. Link to 8.1.4.2: http://www.ibm.com/support/docview.wss?uid=swg24044927 ; Link to 8.1.6: http://www.ibm.com/support/docview.wss?uid=swg24044948 |
| 7.1 | | | Windows | Apply the above 7.1.8.3 client fix using the following link: http://www.ibm.com/support/docview.wss?uid=swg24044550 |

Workarounds and Mitigations

None
