Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect for Virtual Environments (CVE-2018-1553)

Summary

Information disclosure vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect (formerly Tivoli Storage Mangaer) for Virtual Environments.

Vulnerability Details

CVEID: CVE-2018-1553 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142890&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware are affected:

• 8.1.0.0 through 8.1.6.0
• 7.1.0.0 through 7.1.8.3

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V are affected:

• 8.1.4.0 through 8.1.6.0

Remediation/Fixes

Spectrum Protect for Virtual Environments: Data Protection for VMware Release

| Fixing VRM Level |Platform|Link to Fix / Fix Availability Target
—|—|—|—
8.1 | 8.1.6.1 | Linux
Windows |

<http://www.ibm.com/support/docview.wss?uid=ibm10739257&gt;

7.1 | 7.1.8.4 | Linux
Windows | <https://www.ibm.com/support/docview.wss?uid=swg24044553&gt;

IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V Release

| Fixing VRM Level |Platform|Link to Fix / Fix Availability Target
—|—|—|—
8.1 | 8.1.6.1 | Windows |

[http://www.ibm.com/support/docview.wss?uid=ibm10739263](< http://www.ibm.com/support/docview.wss?uid=ibm10739263&gt;)

Workarounds and Mitigations

None