Security Bulletin
Summary
The IBM Tivoli Storage Manger Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, IBM Tivoli Storage Manager HSM for Windows, and IBM Tivoli Storage Manager for Virtual Environments. Information about a security vulnerability affecting the IBM Tivoli Manager Client/API has been published in a security bulletin.
Bulletin update: TSM 7.1.5 server and 7.1.4.4 AIX, Linux x86, Windows client fixes are available.
Vulnerability Details
Consult the security bulletin A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201) for vulnerability details and information about the fixes.
Affected Products and Versions
|
Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage FlashCopy Manager (IBM Spectrum Protect Snapshot) for Windows version 4.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Storage FlashCopy Manager for Windows version 3.2 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Storage FlashCopy Manager for Windows version 3.1 | Tivoli Storage Manager Client/API version 6.3 |
.
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (IBM Spectrum Protect for Databases) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 5.5 (End of Life Cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5 Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| Tivoli Storage Manager for Databases: Data Protection for Oracle (IBM Spectrum Protect for Databases) on Windows version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| Tivoli Storage Manager for Databases: Data Protection for Oracle on Windows version 5.5 (End of Life Cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5 Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (IBM Spectrum Protect for Mail) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 5.5 (End of life cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5 Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Mail: Data Protection for Domino (IBM Spectrum Protect for Mail) on Windows version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 5.5 (End of life cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5 Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager HSM for Windows (IBM Spectrum Protect HSM for Windows) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Manager HSM for Windows version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Manager HSM for Windows version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
.
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Virtual Environments: Data Protection for Microsoft Hyper-V (IBM Spectrum Protect for Virtual Environments) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
Remediation/Fixes
Refer to the security bulletin A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)
Workarounds and Mitigations
Refer to the security bulletin A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)
Get Notified about Future Security Bulletins
References
Change History
03 March 2016: Original version published
21 March 2016: Updated the TSM security bulletin "A vulnerability in the GSKit component of IBM Tivoli Storage Manager (CVE-2016-0201)" with the TSM 7.1.5 server and 7.1.4.4 AIX, Linux x86, Windows client fixes.
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21977468