Medium Severity

Security Bulletin: Incorrect permissions on CIT files in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-2025)

Share this post:

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client creates directories/files in the CIT directory that have insecure permissions.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client 8.1.0.0-8.1.8.0            
7.1.0.0-7.1.8.5
IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments:
Data Protection for VMware
8.1.0.0-8.1.8.0
7.1.0.0-7.1.8.5
IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments:
Data Protection for Hyper-V
8.1.0.0-8.1.8.0
7.1.0.0-7.1.8.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1107261

More stories

Security Bulletin: IBM QRadar Advisor With Watson App for IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2019-4557)

Feb 24, 2020 7:00 pm EST | Medium Severity

IBM QRadar Advisor With Watson App for IBM QRadar SIEM uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information stored in the app ...read more


Security Bulletin: IBM QRadar Advisor With Watson App for IBM QRadar SIEM uses weaker than expected cryptographic algorithms (CVE-2019-4557)

Feb 24, 2020 7:00 pm EST | Medium Severity

IBM QRadar Advisor with Watson App for IBM QRadar SIEM could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. ...read more


Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Spectrum Protect Plus (CVE-2019-12402).

Feb 22, 2020 7:00 pm EST | Medium Severity

A denial of service vulnerability in Apache Commons Compress affects IBM Spectrum Protect Plus. ...read more