Security Bulletin
Summary
The IBM Tivoli Storage Manager Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager HSM for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, and IBM Tivoli Storage Manager for Virtual Environments. Information about a security vulnerability affecting the IBM Tivoli Manager Client/API has been published in a security bulletin.
Vulnerability Details
Consult the security bulletin Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371) for vulnerability details and information about the fixes.
Affected Products and Versions
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage FlashCopy Manager (IBM Spectrum Protect Snapshot) for Windows version 4.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Storage FlashCopy Manager for Windows version 3.2 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Storage FlashCopy Manager for Windows version 3.1 | Tivoli Storage Manager Client/API version 6.3 |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager HSM for Windows (IBM Spectrum Protect HSM for Windows) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Manager HSM for Windows version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Manager HSM for Windows version 6.3 and below | Release 6.3 (and below) are end of support and end of life cycle. Customers should upgrade to a fixed level (7.1 or 6.4) |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (IBM Spectrum Protect for Databases) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 5.5 (End of Life Cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5. Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| Tivoli Storage Manager for Databases: Data Protection for Oracle (IBM Spectrum Protect for Databases) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| Tivoli Storage Manager for Databases: Data Protection for Oracle version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| Tivoli Storage Manager for Databases: Data Protection for Oracle version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| Tivoli Storage Manager for Databases: Data Protection for Oracle version 5.5 (End of Life Cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5. Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (IBM Spectrum Protect for Mail) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 5.5 (End of life cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5. Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Mail: Data Protection for Domino (IBM Spectrum Protect for Mail) on Windows version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| IBM Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 5.5 (End of life cycle 4/30/2017) | Tivoli Storage Manager Client/API version 5.5. Any newer fixed version of the Client/API can be used (e.g., 7.1, 6.4, or 6.3). |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
| IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.4 | Tivoli Storage Manager Client/API version 6.4 |
| IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware version 6.3 | Tivoli Storage Manager Client/API version 6.3 |
| Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Tivoli Storage Manager for Virtual Environments: Data Protection for Microsoft Hyper-V (IBM Spectrum Protect for Virtual Environments) version 7.1 | Tivoli Storage Manager Client/API version 7.1 |
Remediation/Fixes
Refer to the security bulletin Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371).
Workarounds and Mitigations
Refer to the security bulletin Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371).
Get Notified about Future Security Bulletins
References
Acknowledgement
None
Change History
04 November 2016 - Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date:
17 June 2018
UID
swg21993558