Lucene search

K
ibmIBME303952ABA4EAB51CD206EDC8194B1905B2D0787B900E7B49C9FE291E37F2D4D
HistoryFeb 22, 2022 - 7:59 p.m.

Security Bulletin: Information Disclosure in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2018-1621

2022-02-2219:59:01
www.ibm.com
7

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.4%

Summary

A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). There is a potential Information disclosure vulnerability in WebSphere Application Server. IBM Spectrum Control has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2018-1621

DESCRIPTION: IBM WebSphere Application Server could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product Affected Versions
IBM Tivoli Storage Productivity Center 5.2.0 - 5.2.7.1
IBM Spectrum Control 5.2.8 - 5.2.13

The versions listed above apply to all licensed offerings of IBM Spectrum Control.

Remediation/Fixes

The solution is to apply an appropriate IBM Spectrum Control fix. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable.

Starting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control.

Release First Fixing VRM Level Link to Fix/Fix Availability Target
5.2.x 5.2.14 <http://www-01.ibm.com/support/docview.wss?uid=swg21320822&gt;

Note: It is always recommended to have a current backup before applying any update procedure.

Workarounds and Mitigations

None.

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.4%

Related for E303952ABA4EAB51CD206EDC8194B1905B2D0787B900E7B49C9FE291E37F2D4D