IBM Support

Security Bulletin: Security vulnerabilities have been identified in the IBM Spectrum Protect Client that affect multiple IBM Spectrum Protect products

Security Bulletin


Summary

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client is used as a component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Windows and IBM Spectrum Protect (formerly Tivoli Storage Manager) HSM for Windows. Information about security vulnerabilities affecting the IBM Spectrum Protect Client have been published in security bulletins.

Vulnerability Details

Consult the following security bulletins for details and information about the fixes:
 
    

Affected Products and Versions

Principal Product and Version(s) Affected Supporting Product and Version
IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Windows version 8.1 IBM Spectrum Protect (formerly Tivoli Storage Manager) Client version 8.1
IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Windows version 4.1 IBM Spectrum Protect (formerly Tivoli Storage Manager) Client version 7.1.
Tivoli Storage FlashCopy Manager for Windows version 3.2 and below are EOS. IBM recommends upgrading to a supported level. Tivoli Storage Manager Client version 6.4 and below are EOS.
IBM recommends upgrading to a supported level.

Note: Within the IBM Spectrum Protect (formerly Tivoli Storage FlashCopy Manager) on Windows product, the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client is also referred to as the FlashCopy Manager VSS Requestor component.
    

Principal Product and Version(s) Affected Supporting Product and Version
IBM Spectrum Protect (formerly Tivoli Storage Manager) HSM for Windows version 8.1 IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 8.1
IBM Spectrum Protect (formerly Tivoli Storage Manager) HSM for Windows version 7.1 IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 7.1
Tivoli Manager HSM for Windows version 6.4 and below are EOS.
IBM recommends upgrading to a supported level.		 Tivoli Storage Manager Client/API version 6.4 and below are EOS. IBM recommends upgrading to a supported level.

Note: Be aware that all HSM for Windows functional components, which includes the IBM Spectrum Protect Client and API, must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ.

Remediation/Fixes

Workarounds and Mitigations

None.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

2 April 2019 - original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Internal Use Only

Advisory 11757 Product Record 113925
Advisory 12382 Product Record 116782
Advisory 13870 Product Record 125352
Advisory 13652 Product Record 124100
Advisory 13053 Product Record 130504
Advisory 14498 Product Record 130505

Document Location

Worldwide

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSERFV","label":"IBM Spectrum Protect Snapshot"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.1;4.1","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSERFH","label":"IBM Spectrum Protect HSM for Windows"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.1, 7.1","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS36V9","label":"Tivoli Storage FlashCopy Manager"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"4.1","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSATMW","label":"Tivoli Storage Manager HSM for Windows"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"7.1","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
01 February 2022

UID

ibm10872164

Page Feedback