IBM Spectrum Protect 7.1.x < / 8.1.x < 8.1.8 Multiple Vulnerabilities

High Nessus Plugin ID 126987


The backup service installed on the remote host is affected by multiple vulnerabilities.


IBM Spectrum Protect, formerly known as Tivoli Storage Manager, installed on the remote host is version 7.1.x < or 8.1.x < 8.1.8. It is, therefore, affected by multiple IBM Db2 remote code execution and privilege escalation vulnerabilities. These vulnerabilities could allow an attacker to gain system-level access to the affected host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Upgrade to IBM Spectrum Protect or 8.1.8 or later.

See Also

Plugin Details

Severity: High

ID: 126987

File Name: ibm_spectrum_protect_8_1_8.nasl

Version: 1.3

Type: combined

Family: General

Published: 2019/07/24

Updated: 2020/02/28

Dependencies: 25656, 100719

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2019-4094

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager, x-cpe:/a:ibm:spectrum_protect

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/06/28

Vulnerability Publication Date: 2019/06/28

Reference Information

CVE: CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980, CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094

BID: 107398, 107439, 107686, 107985