Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2017-10356, CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633, CVE-2018-2618)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control formerly Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates for October 2017 and January 2018. UPDATED 5/17/2018 to a...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Control (CVE-2021-44228)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation. Vulnerability Details CVEID: CVE-2021-44228...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Control (CVE-2021-45105, CVE-2021-45046)
Summary There are two vulnerabilities in Apache Log4j: denial of service CVE-2021-45105 and remote code execution CVE-2021-45046. These vulnerabilities may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation. The fix includes Apache...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Control (CVE-2021-4104)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation. Vulnerability Details CVEID: CVE-2021-4104...
Vulnerabilities fixed in IBM Spectrum Control
IBM has fixed vulnerabilities in software bundled with Spectrum Control. These include previously fixed vulnerabilities in underlying products and libraries such as Node.js, OpenSSL and WebSphere Liberty. Previous security advisories have been published. A malicious party can exploit the...
Security Bulletin: Vulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL affect IBM Spectrum Control
Summary Vulnerabilities in Node.js, IBM WebSphere Application Server Liberty, and OpenSSL may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large...
Security Bulletin: Vulnerabilities in Node.js, XStream and Apache Commons affect IBM Spectrum Control
Summary Vulnerabilities in Node.js, XStream and Apache Commons such as denial of service, elevated privileges, and execution of arbitrary code on the system may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2021-22918 DESCRIPTION: Node.js is vulnerable to a denial of service, caus...
Security Bulletin: Vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js affect IBM Spectrum Control
Summary Multiple vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js may affect IBM Spectrum Control. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021. Vulnerability Details CVEID: CVE-2020-5258...
Security Bulletin: Vulnerabilities in XStream, Apache HTTP, Jackson Databind, OpenSSL, and Node.js affect IBM Spectrum Control
Summary Multiple vulnerabilities in XStream, Apache HTTP components, FasterXML Jackson Databind, OpenSSL, and Node.js may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when unmarshallin...
Security Bulletin: Vulnerabilities in Net-SNMP library affect IBM Spectrum Control (CVE-2020-15861, CVE-2020-15862)
Summary Net-SNMP could allow a local authenticated attacker to gain elevated privileges on the system. Vulnerability Details CVEID: CVE-2020-15861 DESCRIPTION: Net-SNMP could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of symlinks by...
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU July 2020. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8201, CVE-2020-8252)
Summary Node.js is vulnerable to HTTP request smuggling and to a buffer overflow which can affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP...
IBM Spectrum Control Information Disclosure Vulnerability
IBM Spectrum Control formerly known as Tivoli Storage Productivity Center is a suite of storage resource management software from IBM in the United States. The software provides monitoring, automation and analysis for multiple storage systems. An information disclosure vulnerability exists in IBM...
CVE-2019-4072
IBM Tivoli Storage Productivity Center IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17 allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time,...
CVE-2019-4071
IBM Tivoli Storage Productivity Center IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063...
CVE-2019-4071
IBM Security Bulletin for CVE-2019-4071 confirms a CSV injection/validation flaw in IBM Tivoli Storage Productivity Center (rebranded IBM Spectrum Control). Affected versions include IBM Tivoli Storage Productivity Center 5.2.0–5.2.7.1, IBM Spectrum Control 5.2.8–5.2.17.2, and IBM Spectrum Contro...
PT-2019-16881 · IBM · IBM Tivoli Storage Productivity Center
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Productivity Center versions 5.2.1 through 5.2.17 Description: The issue allows users to remain idle within the application even after logging out, and by utilizing the application's back button, users can remain logged in...
IBM Tivoli Storage Productivity Center and IBM Spectrum Control Cross-Site Scripting Vulnerability
IBM Tivoli Storage Productivity Center and IBM Spectrum Control are both storage resource management software from IBM USA. A cross-site scripting vulnerability exists in IBM Tivoli Storage Productivity Center versions 5.2.0 through 5.2.7.1 and IBM Spectrum Control versions 5.2.8 through 5.2.11. ...