| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM Spectrum Protect
IBM Spectrum Protect: denial of service via TCP CLOSE_WAIT
Synthesis of the vulnerability
An attacker can generate a fatal error via TCP CLOSE_WAIT of IBM Spectrum Protect, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/11/2018.
Identifiers: CERTFR-2018-AVI-539, CVE-2018-1786, ibm10738765, VIGILANCE-VUL-27744.
Description of the vulnerability
An attacker can generate a fatal error via TCP CLOSE_WAIT of IBM Spectrum Protect, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: information disclosure via Tracing
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Tracing of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/11/2018.
Identifiers: CVE-2018-1788, ibm10730357, VIGILANCE-VUL-27682.
Description of the vulnerability
An attacker can bypass access restrictions to data via Tracing of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: denial of service
Synthesis of the vulnerability
An attacker can generate a fatal error of IBM Spectrum Protect, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 27/09/2018.
Identifiers: CVE-2018-1550, ibm10719401, VIGILANCE-VUL-27352.
Description of the vulnerability
An attacker can generate a fatal error of IBM Spectrum Protect, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: information disclosure via Triple DES
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Triple DES of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 24/09/2018.
Identifiers: CVE-2018-1785, ibm10729873, VIGILANCE-VUL-27299.
Description of the vulnerability
An attacker can bypass access restrictions to data via Triple DES of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: information disclosure via Legacy SSL/TLS Protocols
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Legacy SSL/TLS Protocols of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 24/09/2018.
Identifiers: CVE-2018-1545, ibm10718013, VIGILANCE-VUL-27298.
Description of the vulnerability
An attacker can bypass access restrictions to data via Legacy SSL/TLS Protocols of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Java: code execution via Attach API
Synthesis of the vulnerability
An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-12539, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27093.
Description of the vulnerability
An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
IBM Java: directory traversal via DTFJ
Synthesis of the vulnerability
An attacker can traverse directories via DTFJ of IBM Java, in order to read a file outside the service root path.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-1656, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27092.
Description of the vulnerability
An attacker can traverse directories via DTFJ of IBM Java, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: vulnerabilities of April 2018
Synthesis of the vulnerability
Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 18/04/2018.
Identifiers: 2016282, CERTFR-2018-AVI-188, cpuapr2018, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815, CVE-2018-2825, CVE-2018-2826, DSA-4185-1, DSA-4225-1, FEDORA-2018-40c4930c83, FEDORA-2018-579ff80ed8, FEDORA-2018-77533e644b, FEDORA-2018-9aa8064e12, ibm10713455, ibm10715641, ibm10716001, ibm10717125, ibm10717149, ibm10717207, ibm10717275, ibm10717537, ibm10718843, ibm10719319, ibm10719993, K15217245, K33924005, K44923228, K70321874, openSUSE-SU-2018:1710-1, openSUSE-SU-2018:1719-1, RHSA-2018:1188-01, RHSA-2018:1191-01, RHSA-2018:1201-01, RHSA-2018:1202-01, RHSA-2018:1203-01, RHSA-2018:1204-01, RHSA-2018:1205-01, RHSA-2018:1206-01, RHSA-2018:1270-01, RHSA-2018:1278-01, RHSA-2018:1721-01, RHSA-2018:1722-01, RHSA-2018:1723-01, RHSA-2018:1724-01, SB10234, SUSE-SU-2018:1447-1, SUSE-SU-2018:1458-1, SUSE-SU-2018:1690-1, SUSE-SU-2018:1692-1, SUSE-SU-2018:1738-1, SUSE-SU-2018:1764-1, SUSE-SU-2018:1938-1, SUSE-SU-2018:1938-2, SUSE-SU-2018:2068-1, swg22016419, USN-3644-1, USN-3691-1, USN-3747-1, USN-3747-2, VIGILANCE-VUL-25899, ZDI-18-306, ZDI-18-307.
Description of the vulnerability
Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial) |
Apache OpenJPA: code execution via BrokerFactory
Synthesis of the vulnerability
An attacker can use a vulnerability via BrokerFactory of Apache OpenJPA, in order to run code.
Impacted products: Fedora, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, Oracle Fusion Middleware, Tuxedo, WebLogic.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 18/04/2018.
Identifiers: 1671636, cpuapr2018, CVE-2013-1768, FEDORA-2013-12948, FEDORA-2013-12960, FEDORA-2013-12967, ibm10719109, MDVSA-2013:246, RHSA-2013:1185-01, swg21639553, swg21640799, swg21644047, swg24034966, swg27007951, VIGILANCE-VUL-25898.
Description of the vulnerability
An attacker can use a vulnerability via BrokerFactory of Apache OpenJPA, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
GSKit: vulnerability
Synthesis of the vulnerability
A vulnerability of GSKit was announced.
Impacted products: AIX, Rational ClearCase, SPSS Modeler, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: internet client.
Creation date: 03/04/2018.
Identifiers: 2012827, 2014202, 2014575, 2014651, 2015080, CVE-2018-1447, ibm10732391, ibm10733605, ibm10738249, VIGILANCE-VUL-25757.
Description of the vulnerability
A vulnerability of GSKit was announced.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM Spectrum Protect:
|