Home Unlabelled IBM Security Bulletin: Password disclosure via application trace affects IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1987)

IBM Security Bulletin: Password disclosure via application trace affects IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1987)

By
Thursday, August 01, 2019
Read
Add Comment

If tracing is activated, IBM Spectrum Protect (formerly Tivoli Storage Manager) for Enterprise Resource Planning may display the IBM Spectrum Protect node password in plain text in the trace file.

CVE(s): CVE-2018-1987

Affected product(s) and affected version(s):
The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Enterprise Resource Planning are affected:

  • 8.1.0.0 through 8.1.6.0 – Data Protection for SAP HANA
    8.1.0.0 through 8.1.4.0 – Data Protection for SAP for Db2 and Data Protection for SAP for Oracle
  • 7.1.3.0 through 7.1.3.1 – Data Protection for SAP HANA, Db2, and Oracle.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10883782
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154280

The post IBM Security Bulletin: Password disclosure via application trace affects IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1987) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2ZpHtRg
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us