High Severity

IBM Security Bulletin: Offline dictionary attack vulnerability in IBM Spectrum Protect (formerly Tivoli Storage Manager) (CVE-2016-8937)

Share this post:

IBM Spectrum Protect (formerly Tivoli Storage Manager) is vulnerable to an offline dictionary attack due to information disclosed during authentication. An attacker can gain full access to the IBM Spectrum Protect system allowing them to perform operations they may not be authorized to perform.

CVE(s): CVE-2016-8937

Affected product(s) and affected version(s):

This vulnerability affects the following products:

IBM Spectrum Protect (formerly Tivoli Storage Manager) Client

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.4 and below all levels (these releases are EOS)

IBM Spectrum Protect (formerly Tivoli Storage Manager) Server

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.3 and below all levels (these releases are EOS)
    Note that 6.4 shipped with 6.3 servers

IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.4 and below all levels (these releases are EOS)

IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for Hyper-V

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x

IBM Spectrum Protect for Space Management (formerly Tivoli Storage Manager for Space Management:

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.4 and below all levels (these releases are EOS)

IBM Spectrum Protect HSM for Windows (formerly Tivoli Storage Manager HSM for Windows)

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.4 and below all levels (these releases are EOS)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22007935
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118750

More stories

Security Bulletin: Security Vulnerabilties have been addressed in IBM Cognos Analytics

Jan 5, 2020 8:03 pm EST | High Severity

This Security Bulletin addresses vulnerabilities that have been addressed in IBM Cognos Analytics 11.1.4 and 11.0.13 FP2. A vulnerability has been addressed where a parameter in a Cognos URL can be modified such that Cognos HTTP messages are forwarded to a hostile server. (CVE-2018-1721) A vulnerability has been addressed where the The X-Powered-By attribute is ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform

Jan 5, 2020 7:44 pm EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 or Version 8 used by Financial Transaction Manager for Check Services for Multi-Platform (FMT CHK). Financial Transaction Manager for Check Services for Multi-Platform has addressed the applicable CVEs. Affected Products and Versions FTM CHK: v3.0.0.0 – 3.0.0.15, v3.0.2.0 – 3.0.2.1, v3.0.5.0 – 3.0.5.4 Refer ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform

Jan 5, 2020 7:24 pm EST | High Severity

There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Version 7 or version 8 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform (FTM CPS). Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the applicable CVEs. Affected Products and Versions FTM CPS: v3.0.2.0 – 3.0.2.1, v3.2.1.0 Refer to the ...read more