Security Bulletin
Summary
The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API is used as a component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Windows, IBM Spectrum Protect (formerly Tivoli Storage Manager) for Databases, IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail, and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Enterprise Resource Planning. Information about security vulnerabilities affecting the IBM Spectrum Protect (Tivoli Storage Manager) Client/API have been published in security bulletins.
Vulnerability Details
Consult the following security bulletins for vulnerability details and information about the IBM Spectrum Protect (Tivoli Storage Manager) Client/API fixes:
- http://www.ibm.com/support/docview.wss?uid=swg22007935
- http://www.ibm.com/support/docview.wss?uid=swg22003738
Affected Products and Versions
Principal Product and Version(s) | Affected Supporting Product and Version |
IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Windows version 8.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client version 8.1 |
IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Windows version 4.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client version 7.1. |
Tivoli Storage FlashCopy Manager for Windows version 3.2 and below are EOS. IBM recommends upgrading to a supported level. | Tivoli Storage Manager Client version 6.4 and below are EOS. IBM recommends upgrading to a supported level. |
Principal Product and Version(s) | Affected Supporting Product and Version |
IBM Spectrum Protect for Databases (formerly Tivoli Storage Manager for Databases): Data Protection for Microsoft SQL Server version 8.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 8.1 |
IBM Spectrum Protect for Databases (formerly Tivoli Storage Manager for Databases): Data Protection for Microsoft SQL Server version 7.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 7.1 |
Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server version 6.4 and below are EOS. IBM recommends upgrading to a supported level. | Tivoli Storage Manager Client/API version 6.4 and below are EOS. IBM recommends upgrading to a supported level. |
Principal Product and Version(s) | Affected Supporting Product and Version |
IBM Spectrum Protect for Databases (formerly Tivoli Storage Manager for Databases): Data Protection for Oracle version 8.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 8.1 |
IBM Spectrum Protect for Databases (formerly Tivoli Storage Manager for Databases): Data Protection for Oracle version 7.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 7.1 |
Tivoli Storage Manager for Databases: Data Protection for Oracle version 6.4 and below are EOS. IBM recommends upgrading to a supported level. | Tivoli Storage Manager Client/API version 6.4 and below are EOS. IBM recommends upgrading to a supported level. |
Principal Product and Version(s) | Affected Supporting Product and Version |
IBM Spectrum Protect for Mail (formerly Tivoli Storage Manager for Mail): Data Protection for Microsoft Exchange Server version 8.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 8.1 |
IBM Spectrum Protect for Mail (formerly Tivoli Storage Manager for Mail): Data Protection for Microsoft Exchange Server version 7.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 7.1 |
Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server version 6.4 and below are EOS. IBM recommends upgrading to a supported level. | Tivoli Storage Manager Client/API version 6.4 and below are EOS. IBM recommends upgrading to a supported level. |
Principal Product and Version(s) | Affected Supporting Product and Version |
Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 7.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 7.1 |
Tivoli Storage Manager for Mail: Data Protection for Domino on Windows version 6.4 and below are EOS. IBM recommends upgrading to a supported level. | Tivoli Storage Manager Client/API version 6.4 and below are EOS. IBM recommends upgrading to a supported level. |
Principal Product and Version(s) | Affected Supporting Product and Version |
IBM Spectrum Protect for Enterprise Resource Planning (formerly Tivoli Storage Manager for Enterprise Resource Planning): Data Protection for SAP for Oracle version 8.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 8.1 |
IBM Spectrum Protect for Enterprise Resource Planning (formerly Tivoli Storage Manager for Enterprise Resource Planning): Data Protection for SAP for Oracle version 7.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 7.1 |
Tivoli Storage Manager for Enterprise Resource Planning: Data Protection for SAP for Oracle 6.4 and below are EOS. IBM recommends upgrading to a supported level. | Tivoli Storage Manager Client/API version 6.4 and below are EOS. IBM recommends upgrading to a supported level. |
Principal Product and Version(s) | Affected Supporting Product and Version |
IBM Spectrum Protect for Enterprise Resource Planning (formerly Tivoli Storage Manager for Enterprise Resource Planning): Data Protection for SAP for DB2 version 8.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 8.1 |
IBM Spectrum Protect for Enterprise Resource Planning (formerly Tivoli Storage Manager for Enterprise Resource Planning): Data Protection for SAP for DB2 version 7.1 | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API version 7.1 |
Tivoli Storage Manager for Enterprise Resource Planning: Data Protection for SAP for DB2 6.4 and below are EOS. IBM recommends upgrading to a supported level. | Tivoli Storage Manager Client/API version 6.4 and below are EOS. IBM recommends upgrading to a supported level. |
Remediation/Fixes
Refer to the following security bulletins:
- http://www.ibm.com/support/docview.wss?uid=swg22007935
- http://www.ibm.com/support/docview.wss?uid=swg22003738
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
02 October 2017 - Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
01 February 2022
UID
swg22008305