High Severity

IBM Security Bulletin: Offline dictionary attack vulnerability in IBM Spectrum Protect (formerly Tivoli Storage Manager) (CVE-2016-8937)

IBM Spectrum Protect (formerly Tivoli Storage Manager) is vulnerable to an offline dictionary attack due to information disclosed during authentication. An attacker can gain full access to the IBM Spectrum Protect system, allowing them to perform operations they may not be authorized to perform.

CVE(s): CVE-2016-8937

Affected product(s) and affected version(s):

This vulnerability affects the following products:

IBM Spectrum Protect (formerly Tivoli Storage Manager) Client

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.4 and below all levels (these releases are EOS)

IBM Spectrum Protect (formerly Tivoli Storage Manager) Server

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.3 and below all levels (these releases are EOS)
    Note that 6.4 shipped with 6.3 servers

IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.4 and below all levels (these releases are EOS)

IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for Hyper-V

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x

IBM Spectrum Protect for Space Management (formerly Tivoli Storage Manager for Space Management)

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.4 and below all levels (these releases are EOS)

IBM Spectrum Protect HSM for Windows (formerly Tivoli Storage Manager HSM for Windows)

  • 8.1.0.0 through 8.1.1.x
  • 7.1.0.0 through 7.1.7.x
  • 6.4 and below all levels (these releases are EOS)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22007935
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118750