The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE
IBM Tivoli Storage Manager 6.1
IBM Tivoli Storage Manager 6.1.0
IBM Tivoli Storage Manager 6.1.1
IBM Tivoli Storage Manager 6.1.2
IBM Tivoli Storage Manager 6.1.3
IBM Tivoli Storage Manager 6.1.4
IBM Tivoli Storage Manager 6.1.5
IBM Tivoli Storage Manager 6.1.5.4
IBM Tivoli Storage Manager 6.1.5.5
IBM Tivoli Storage Manager 6.1.5.6
IBM Tivoli Storage Manager 6.2.0
IBM Tivoli Storage Manager 6.2.1
IBM Tivoli Storage Manager 6.2.2
IBM Tivoli Storage Manager 6.2.3
IBM Tivoli Storage Manager 6.2.4
IBM Tivoli Storage Manager 6.3
IBM Tivoli Storage Manager 6.3.0.5
IBM Tivoli Storage Manager 6.3.0.15
IBM Tivoli Storage Manager 6.3.0.17
IBM Tivoli Storage Manager 6.3.1
IBM Tivoli Storage Manager 6.3.1.2
IBM Tivoli Storage Manager 6.3.2.2
Ibm Tivoli storage manager 6.3.3 (not an official CPE)
Ibm Tivoli storage manager 6.3.4 (not an official CPE)
Ibm Tivoli storage manager 6.3.5 (not an official CPE)
Ibm Tivoli storage manager 6.3.5.1 (not an official CPE)
Ibm Tivoli storage manager 6.3.6 (not an official CPE)
Ibm Tivoli storage manager 6.3.6.100 (not an official CPE)
Ibm Tivoli storage manager 6.4.1 (not an official CPE)
Ibm Tivoli storage manager 6.4.1.0 (not an official CPE)
Ibm Tivoli storage manager 6.4.2 (not an official CPE)
Ibm Tivoli storage manager 6.4.2.100 (not an official CPE)
Ibm Tivoli storage manager 6.4.2.200 (not an official CPE)
Ibm Tivoli storage manager 6.4.2.500 (not an official CPE)
Ibm Tivoli storage manager 6.4.2.600 (not an official CPE)
Ibm Tivoli storage manager 6.4.3 (not an official CPE)
Ibm Tivoli storage manager 6.4.3.1 (not an official CPE)
IBM Tivoli Storage Manager 7.1
Ibm Tivoli storage manager 7.1..5.100 (not an official CPE)
IBM Tivoli Storage Manager 7.1.0.1
IBM Tivoli Storage Manager 7.1.0.2
IBM Tivoli Storage Manager 7.1.0.3
IBM Tivoli Storage Manager 7.1.1
IBM Tivoli Storage Manager 7.1.1.1
Ibm Tivoli storage manager 7.1.1.2 (not an official CPE)
Ibm Tivoli storage manager 7.1.1.100 (not an official CPE)
Ibm Tivoli storage manager 7.1.1.200 (not an official CPE)
Ibm Tivoli storage manager 7.1.1.300 (not an official CPE)
Ibm Tivoli storage manager 7.1.3 (not an official CPE)
Ibm Tivoli storage manager 7.1.3.000 (not an official CPE)
Ibm Tivoli storage manager 7.1.3.1 (not an official CPE)
Ibm Tivoli storage manager 7.1.3.2 (not an official CPE)
Ibm Tivoli storage manager 7.1.3.100 (not an official CPE)
Ibm Tivoli storage manager 7.1.4 (not an official CPE)
Ibm Tivoli storage manager 7.1.4.1 (not an official CPE)
Ibm Tivoli storage manager 7.1.4.2 (not an official CPE)
Ibm Tivoli storage manager 7.1.5 (not an official CPE)
Ibm Tivoli storage manager 7.1.5.200 (not an official CPE)
Ibm Tivoli storage manager 7.1.6 (not an official CPE)
Ibm Tivoli storage manager 7.1.7 (not an official CPE)
Ibm Tivoli storage manager 7.1.7.100 (not an official CPE)
Ibm Tivoli storage manager 7.1.7.200 (not an official CPE)
Ibm Tivoli storage manager 8.1.0 (not an official CPE)
Ibm Tivoli storage manager 8.1.1 (not an official CPE)
Ibm Tivoli storage manager 8.1.1.100 (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/118... | |||
http://www.ibm.com/support/docview.wss?uid=swg22007935 |