The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM Spectrum Protect

vulnerability bulletin CVE-2018-1882

IBM Spectrum Protect: information disclosure via Plain Text Password

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Plain Text Password of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 09/04/2019.
Identifiers: CVE-2018-1882, ibm10869208, ibm10869436, VIGILANCE-VUL-28973.

Description of the vulnerability

An attacker can bypass access restrictions to data via Plain Text Password of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1853

IBM Spectrum Protect: privilege escalation via Client Web Interface Clickjacking

Synthesis of the vulnerability

An attacker can bypass restrictions via Client Web Interface Clickjacking of IBM Spectrum Protect, in order to escalate his privileges.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 09/04/2019.
Identifiers: CVE-2018-1853, ibm10870718, VIGILANCE-VUL-28972.

Description of the vulnerability

An attacker can bypass restrictions via Client Web Interface Clickjacking of IBM Spectrum Protect, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-1787

IBM Spectrum Protect: information disclosure via Password Exposure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Password Exposure of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 09/04/2019.
Identifiers: CVE-2018-1787, ibm10869602, VIGILANCE-VUL-28971.

Description of the vulnerability

An attacker can bypass access restrictions to data via Password Exposure of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2019-4093

IBM Spectrum Protect: information disclosure via Restored Files Permissions

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Restored Files Permissions of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/04/2019.
Identifiers: CVE-2019-4093, ibm10875518, VIGILANCE-VUL-28931.

Description of the vulnerability

An attacker can bypass access restrictions to data via Restored Files Permissions of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-1786

IBM Spectrum Protect: denial of service via TCP CLOSE_WAIT

Synthesis of the vulnerability

An attacker can generate a fatal error via TCP CLOSE_WAIT of IBM Spectrum Protect, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/11/2018.
Identifiers: CERTFR-2018-AVI-539, CVE-2018-1786, ibm10738765, VIGILANCE-VUL-27744.

Description of the vulnerability

An attacker can generate a fatal error via TCP CLOSE_WAIT of IBM Spectrum Protect, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1788

IBM Spectrum Protect: information disclosure via Tracing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Tracing of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/11/2018.
Identifiers: CVE-2018-1788, ibm10730357, VIGILANCE-VUL-27682.

Description of the vulnerability

An attacker can bypass access restrictions to data via Tracing of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1550

IBM Spectrum Protect: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of IBM Spectrum Protect, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 27/09/2018.
Identifiers: CVE-2018-1550, ibm10719401, VIGILANCE-VUL-27352.

Description of the vulnerability

An attacker can generate a fatal error of IBM Spectrum Protect, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-1785

IBM Spectrum Protect: information disclosure via Triple DES

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Triple DES of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 24/09/2018.
Identifiers: CVE-2018-1785, ibm10729873, VIGILANCE-VUL-27299.

Description of the vulnerability

An attacker can bypass access restrictions to data via Triple DES of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-1545

IBM Spectrum Protect: information disclosure via Legacy SSL/TLS Protocols

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Legacy SSL/TLS Protocols of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 24/09/2018.
Identifiers: CVE-2018-1545, ibm10718013, VIGILANCE-VUL-27298.

Description of the vulnerability

An attacker can bypass access restrictions to data via Legacy SSL/TLS Protocols of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-12539

IBM Java: code execution via Attach API

Synthesis of the vulnerability

An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-12539, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27093.

Description of the vulnerability

An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IBM Spectrum Protect: