Detections
Analytics

IBM Spectrum Protect 7.1.x < 7.1.9.300 / 8.1.x < 8.1.8 Multiple Vulnerabilities

high Nessus Plugin ID 126987

Language:

Synopsis

The backup service installed on the remote host is affected by multiple vulnerabilities.

Description

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.x < 7.1.9.300 or 8.1.x < 8.1.8. It is, therefore, affected by multiple IBM Db2 remote code execution and privilege escalation vulnerabilities. These vulnerabilities could allow an attacker to gain system-level access to the affected host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to IBM Spectrum Protect 7.1.9.300 or 8.1.8 or later.

See Also

http://www.ibm.com/support/docview.wss?uid=ibm10882974

Plugin Details

Severity: High

ID: 126987

File Name: ibm_spectrum_protect_8_1_8.nasl

Version: 1.5

Type: combined

Family: General

Published: 7/24/2019

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-4094

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager, x-cpe:/a:ibm:spectrum_protect

Exploit Ease: No known exploits are available

Patch Publication Date: 6/28/2019

Vulnerability Publication Date: 6/28/2019

Reference Information

CVE: CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980, CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094

BID: 107398, 107439, 107686, 107985