CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

OpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware, is affected by two denial of service vulnerabilities which can cause the application to stop responding or crash.
NOTE1: This bulletin was updated on December 15, 2017 to add fixes for NetApp Services.
NOTE2: This bulletin was updated on February 15, 2018 to add 7.1 AIX client fix for NetApp Services.
CVEID: CVE-2016-8610
DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during an SSL handshake. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the application to stop responding.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118296 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3733
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate handshake when the original handshake did not include the Encrypt-Then-Mac extension. A remote authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122091 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
These security exposures affect network connections between IBM Spectrum Protect (formerly Tivoli Storage Manager) and VMware services. This exposure affects:
Note that VMware services for the 8.1 client are not affected because the affected component in 8.1 has been moved to Data Protection for VMware.
IBM Spectrum Protect (Tivoli Storage Manager) Client Release | Fixing VRM Level | Platform | Link to Fix / Fix Availability Target |
---|---|---|---|
8.1 | 8.1.4 | Linux, Windows | For NetApp services, <http://www.ibm.com/support/docview.wss?uid=swg24044364> |
7.1 | 7.1.8.2 | AIX | For NetApp services, <http://www.ibm.com/support/docview.wss?uid=swg24044550> |
7.1 | 7.1.8 | Linux, Windows | For NetApp services, <http://www.ibm.com/support/docview.wss?uid=swg24043984> |
7.1 | 7.1.6.5 | Linux, Windows | For VMware services, <http://www.ibm.com/support/docview.wss?uid=swg24042496> |
6.4 and below | | | For NetApp services, IBM recommends upgrading to a fixed level or higher of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client. For VMware services, IBM recommends upgrading to a fixed level or higher of IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware. |

IBM Spectrum Protect for Virtual Environments (Tivoli Storage Manager for Virtual Environments): Data Protection for VMware Release | Fixing VRM Level | Platform | Link to Fix / Fix Availability Target |
---|---|---|---|
8.1 | 8.1.0.2 | Linux, Windows | For VMware services, <http://www.ibm.com/support/docview.wss?uid=swg24043351> |
7.1 | 7.1.6.5 | Linux, Windows | For VMware services, you can either apply the above client fix (7.1.6.5) or upgrade to Data Protection for VMware 7.1.6.5 using the following link: <http://www.ibm.com/support/docview.wss?uid=swg24042520> |
6.4 and below | | | For VMware services, IBM recommends upgrading to a fixed level (8.1.0.2 or 7.1.6.5) or higher of IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware. |
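
A way to check installed client levels against the client fix table above, as an added example that is not part of the IBM bulletin. The function names, status strings and inventory rows are assumptions made for illustration; only the fix levels and the 8.1 VMware exception come from the bulletin.

```python
# Fix levels transcribed from the client table in this bulletin.
# Keys: (release, platform, service) -> fixing VRM level.
FIX_LEVELS = {
    ("8.1", "linux", "netapp"): "8.1.4",
    ("8.1", "windows", "netapp"): "8.1.4",
    ("7.1", "aix", "netapp"): "7.1.8.2",
    ("7.1", "linux", "netapp"): "7.1.8",
    ("7.1", "windows", "netapp"): "7.1.8",
    ("7.1", "linux", "vmware"): "7.1.6.5",
    ("7.1", "windows", "vmware"): "7.1.6.5",
}

def parse_vrm(text):
    """Turn '7.1.6.5' into (7, 1, 6, 5); missing trailing fields count as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"not a V.R.M.F level: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def assess_client(version, platform, service):
    """Return (status, fixing_level); status is 'fixed', 'below-fix',
    'not-affected', 'upgrade-release' or 'not-listed' (absent from the table)."""
    vrm = parse_vrm(version)
    platform, service = platform.lower(), service.lower()
    release = f"{vrm[0]}.{vrm[1]}"
    # The bulletin states VMware services for the 8.1 client are not affected.
    if release == "8.1" and service == "vmware":
        return ("not-affected", None)
    # "6.4 and below": the table lists no fix level, only an upgrade.
    if vrm[:2] <= (6, 4):
        return ("upgrade-release", None)
    fix = FIX_LEVELS.get((release, platform, service))
    if fix is None:
        return ("not-listed", None)
    return ("fixed" if vrm >= parse_vrm(fix) else "below-fix", fix)

# Constructed inventory rows (hostnames and installed levels are made up).
INVENTORY = [
    ("bkp-lnx-01", "7.1.6.4", "Linux", "vmware"),
    ("bkp-win-02", "7.1.8.0", "Windows", "netapp"),
    ("bkp-aix-03", "7.1.8", "AIX", "netapp"),
    ("bkp-lnx-04", "8.1.2", "Linux", "vmware"),
]

def report(inventory=INVENTORY):
    return {host: assess_client(v, p, s) for host, v, p, s in inventory}

if __name__ == "__main__":
    for host, result in report().items():
        print(host, *result)
```

The comparison pads short levels with zeros, so an AIX client at 7.1.8 is reported below the 7.1.8.2 fix level while a Windows client at 7.1.8.0 is reported fixed.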
None