Medium Severity

IBM Security Bulletin: Password disclosure via trace log in IBM Spectrum Protect Operations Center (CVE-2018-1769)

Share this post:

IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center my display the password in plain text in the trace file when tracing is turned on.

CVE(s): CVE-2018-1769

Affected product(s) and affected version(s):

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:

  • 8.1.0.000 through 8.1.6.100
  • 7.1.0.000 through 7.1.9.100

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10735281
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148623

More stories

Security Bulletin: IBM OpenPages with Watson has addressed an information disclosure vulnerability (CVE-2020-4536)

May 10, 2021 8:00 pm EDT | Medium Severity

IBM OpenPages with Watson has addressed an information disclosure vulnerability caused by improper validation. ...read more


Security Bulletin: IBM OpenPages with Watson has addressed a cross-site scripting vulnerability (CVE-2020-4535)

May 10, 2021 8:00 pm EDT | Medium Severity

IBM OpenPages with Watson has addressed a cross-site scripting vulnerability caused by improper validation. ...read more


Security Bulletin: IBM Cloud Pak for Security is vulnerable to CVE-2021-20538 and CVE-2021-20577

May 7, 2021 8:00 pm EDT | Medium Severity

IBM Cloud Pak for Security versions 1.5.0.1 and earlier is vulnerable to the following CVEs: CVE-2021-20538, meaning that sensitive information can be obtained by the user without sufficient authorisation. CVE-2021-20577, allowing cross side scripting that can potentially lead to credentials disclosure. These are addressed in CP4S 1.6.0.0 and later versions ...read more