IBM Security Bulletin: Potential password exposure in IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1339)

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Server may use a weak algorithm for encrypting passwords.

CVE(s): CVE-2017-1339

Affected product(s) and affected version(s):

This vulnerability affects the following IBM Spectrum Protect (formerly Tivoli Storage Manager) server levels:

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.3 and below all levels (these releases are EOS)
    Note that 6.4 shipped with 6.3 servers.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2y5qwRA
X-Force Database: http://ift.tt/2y6Ygf3

The post IBM Security Bulletin: Potential password exposure in IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1339) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2i7PUQx