The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM Spectrum Protect

vulnerability note CVE-2018-1786

IBM Spectrum Protect: denial of service via TCP CLOSE_WAIT

Synthesis of the vulnerability

An attacker can trigger a fatal error in IBM Spectrum Protect via TCP CLOSE_WAIT, in order to cause a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/11/2018.
Identifiers: CERTFR-2018-AVI-539, CVE-2018-1786, ibm10738765, VIGILANCE-VUL-27744.


vulnerability announcement CVE-2018-1788

IBM Spectrum Protect: information disclosure via Tracing

Synthesis of the vulnerability

An attacker can bypass data access restrictions in IBM Spectrum Protect via Tracing, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/11/2018.
Identifiers: CVE-2018-1788, ibm10730357, VIGILANCE-VUL-27682.


vulnerability announcement CVE-2018-1550

IBM Spectrum Protect: denial of service

Synthesis of the vulnerability

An attacker can trigger a fatal error in IBM Spectrum Protect, in order to cause a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 27/09/2018.
Identifiers: CVE-2018-1550, ibm10719401, VIGILANCE-VUL-27352.


computer vulnerability note CVE-2018-1785

IBM Spectrum Protect: information disclosure via Triple DES

Synthesis of the vulnerability

An attacker can bypass data access restrictions in IBM Spectrum Protect via Triple DES, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 24/09/2018.
Identifiers: CVE-2018-1785, ibm10729873, VIGILANCE-VUL-27299.


computer vulnerability bulletin CVE-2018-1545

IBM Spectrum Protect: information disclosure via Legacy SSL/TLS Protocols

Synthesis of the vulnerability

An attacker can bypass data access restrictions in IBM Spectrum Protect via Legacy SSL/TLS Protocols, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 24/09/2018.
Identifiers: CVE-2018-1545, ibm10718013, VIGILANCE-VUL-27298.


vulnerability bulletin CVE-2018-12539

IBM Java: code execution via Attach API

Synthesis of the vulnerability

An attacker can use a vulnerability in the Attach API of IBM Java, in order to run code.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-12539, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27093.


vulnerability announcement CVE-2018-1656

IBM Java: directory traversal via DTFJ

Synthesis of the vulnerability

An attacker can traverse directories via DTFJ of IBM Java, in order to read a file outside the service root path.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-1656, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27092.


computer vulnerability note CVE-2018-2783 CVE-2018-2790 CVE-2018-2794

Oracle Java: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 18/04/2018.
Identifiers: 2016282, CERTFR-2018-AVI-188, cpuapr2018, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815, CVE-2018-2825, CVE-2018-2826, DSA-4185-1, DSA-4225-1, FEDORA-2018-40c4930c83, FEDORA-2018-579ff80ed8, FEDORA-2018-77533e644b, FEDORA-2018-9aa8064e12, ibm10713455, ibm10715641, ibm10716001, ibm10717125, ibm10717149, ibm10717207, ibm10717275, ibm10717537, ibm10718843, ibm10719319, ibm10719993, K15217245, K33924005, K44923228, K70321874, openSUSE-SU-2018:1710-1, openSUSE-SU-2018:1719-1, RHSA-2018:1188-01, RHSA-2018:1191-01, RHSA-2018:1201-01, RHSA-2018:1202-01, RHSA-2018:1203-01, RHSA-2018:1204-01, RHSA-2018:1205-01, RHSA-2018:1206-01, RHSA-2018:1270-01, RHSA-2018:1278-01, RHSA-2018:1721-01, RHSA-2018:1722-01, RHSA-2018:1723-01, RHSA-2018:1724-01, SB10234, SUSE-SU-2018:1447-1, SUSE-SU-2018:1458-1, SUSE-SU-2018:1690-1, SUSE-SU-2018:1692-1, SUSE-SU-2018:1738-1, SUSE-SU-2018:1764-1, SUSE-SU-2018:1938-1, SUSE-SU-2018:1938-2, SUSE-SU-2018:2068-1, swg22016419, USN-3644-1, USN-3691-1, USN-3747-1, USN-3747-2, VIGILANCE-VUL-25899, ZDI-18-306, ZDI-18-307.


computer vulnerability bulletin CVE-2013-1768

Apache OpenJPA: code execution via BrokerFactory

Synthesis of the vulnerability

An attacker can use a vulnerability in BrokerFactory of Apache OpenJPA, in order to run code.
Impacted products: Fedora, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, Oracle Fusion Middleware, Tuxedo, WebLogic.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 18/04/2018.
Identifiers: 1671636, cpuapr2018, CVE-2013-1768, FEDORA-2013-12948, FEDORA-2013-12960, FEDORA-2013-12967, ibm10719109, MDVSA-2013:246, RHSA-2013:1185-01, swg21639553, swg21640799, swg21644047, swg24034966, swg27007951, VIGILANCE-VUL-25898.


computer vulnerability announcement CVE-2018-1447

GSKit: vulnerability

Synthesis of the vulnerability

A vulnerability of GSKit was announced.
Impacted products: AIX, Rational ClearCase, SPSS Modeler, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: internet client.
Creation date: 03/04/2018.
Identifiers: 2012827, 2014202, 2014575, 2014651, 2015080, CVE-2018-1447, ibm10732391, ibm10733605, ibm10738249, VIGILANCE-VUL-25757.
