IBM Security Bulletin: Potential password exposure in IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1339)
The IBM Spectrum Protect (formerly Tivoli Storage Manager) Server may use a weak algorithm for encrypting passwords.
CVE(s): CVE-2017-1339
Affected product(s) and affected version(s):
This vulnerability affects the following IBM Spectrum Protect (formerly Tivoli Storage Manager) server levels:
- 8.1.0.0 through 8.1.1.x
- 7.1.0.0 through 7.1.7.x
- 6.3 and below all levels (these releases are EOS)
Note that 6.4 shipped with 6.3 servers.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2y5qwRA
X-Force Database: http://ift.tt/2y6Ygf3
The post IBM Security Bulletin: Potential password exposure in IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1339) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2i7PUQx