What is the severity of CVE-2017-1378?

CVE-2017-1378 has been classified as a medium severity vulnerability due to the exposure of unencrypted login credentials.

How do I fix CVE-2017-1378?

Fix CVE-2017-1378 by upgrading to a patched version of IBM Spectrum Protect, which addresses the issue of credential exposure.

Which versions of IBM Spectrum Protect are affected by CVE-2017-1378?

CVE-2017-1378 affects IBM Spectrum Protect versions 7.1 and 8.1, specifically including multiple listed minor releases.

What type of data is exposed due to CVE-2017-1378?

CVE-2017-1378 exposes unencrypted login credentials for VMware vCenter in the application trace output.

Who can exploit the vulnerability CVE-2017-1378?

The vulnerability CVE-2017-1378 can be exploited by any local user who has access to the application trace output.

Vulnerability/
CVE-2017-1378

high

7.8

CWE

522

5/10/2017

17/9/2024

CVE-2017-1378

First published: Thu Oct 05 2017(Updated: )

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Tivoli Storage Manager	=6.1
IBM Tivoli Storage Manager	=6.1.0
IBM Tivoli Storage Manager	=6.1.1
IBM Tivoli Storage Manager	=6.1.2
IBM Tivoli Storage Manager	=6.1.3
IBM Tivoli Storage Manager	=6.1.4
IBM Tivoli Storage Manager	=6.1.5
IBM Tivoli Storage Manager	=6.1.5.4
IBM Tivoli Storage Manager	=6.1.5.5
IBM Tivoli Storage Manager	=6.1.5.6
IBM Tivoli Storage Manager	=6.2.0
IBM Tivoli Storage Manager	=6.2.1
IBM Tivoli Storage Manager	=6.2.2
IBM Tivoli Storage Manager	=6.2.3
IBM Tivoli Storage Manager	=6.2.4
IBM Tivoli Storage Manager	=6.3
IBM Tivoli Storage Manager	=6.3.0.5
IBM Tivoli Storage Manager	=6.3.0.15
IBM Tivoli Storage Manager	=6.3.0.17
IBM Tivoli Storage Manager	=6.3.1
IBM Tivoli Storage Manager	=6.3.1.2
IBM Tivoli Storage Manager	=6.3.2.2
IBM Tivoli Storage Manager	=6.3.3
IBM Tivoli Storage Manager	=6.3.4
IBM Tivoli Storage Manager	=6.3.5
IBM Tivoli Storage Manager	=6.3.5.1
IBM Tivoli Storage Manager	=6.3.6
IBM Tivoli Storage Manager	=6.3.6.100
IBM Tivoli Storage Manager	=6.4.1
IBM Tivoli Storage Manager	=6.4.1.0
IBM Tivoli Storage Manager	=6.4.2
IBM Tivoli Storage Manager	=6.4.2.100
IBM Tivoli Storage Manager	=6.4.2.200
IBM Tivoli Storage Manager	=6.4.2.500
IBM Tivoli Storage Manager	=6.4.2.600
IBM Tivoli Storage Manager	=6.4.3
IBM Tivoli Storage Manager	=6.4.3.1
IBM Tivoli Storage Manager	=7.1
IBM Tivoli Storage Manager	=7.1..5.100
IBM Tivoli Storage Manager	=7.1.0.1
IBM Tivoli Storage Manager	=7.1.0.2
IBM Tivoli Storage Manager	=7.1.0.3
IBM Tivoli Storage Manager	=7.1.1
IBM Tivoli Storage Manager	=7.1.1.1
IBM Tivoli Storage Manager	=7.1.1.2
IBM Tivoli Storage Manager	=7.1.1.100
IBM Tivoli Storage Manager	=7.1.1.200
IBM Tivoli Storage Manager	=7.1.1.300
IBM Tivoli Storage Manager	=7.1.3
IBM Tivoli Storage Manager	=7.1.3.000
IBM Tivoli Storage Manager	=7.1.3.1
IBM Tivoli Storage Manager	=7.1.3.2
IBM Tivoli Storage Manager	=7.1.3.100
IBM Tivoli Storage Manager	=7.1.4
IBM Tivoli Storage Manager	=7.1.4.1
IBM Tivoli Storage Manager	=7.1.4.2
IBM Tivoli Storage Manager	=7.1.5
IBM Tivoli Storage Manager	=7.1.5.200
IBM Tivoli Storage Manager	=7.1.6
IBM Tivoli Storage Manager	=7.1.6.5
IBM Tivoli Storage Manager	=8.1.0
IBM Tivoli Storage Manager	=8.1.0.2

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22006215

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1378?
CVE-2017-1378 has been classified as a medium severity vulnerability due to the exposure of unencrypted login credentials.
How do I fix CVE-2017-1378?
Fix CVE-2017-1378 by upgrading to a patched version of IBM Spectrum Protect, which addresses the issue of credential exposure.
Which versions of IBM Spectrum Protect are affected by CVE-2017-1378?
CVE-2017-1378 affects IBM Spectrum Protect versions 7.1 and 8.1, specifically including multiple listed minor releases.
What type of data is exposed due to CVE-2017-1378?
CVE-2017-1378 exposes unencrypted login credentials for VMware vCenter in the application trace output.
Who can exploit the vulnerability CVE-2017-1378?
The vulnerability CVE-2017-1378 can be exploited by any local user who has access to the application trace output.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/severity
agent/weakness
agent/remedy
agent/author
agent/tags
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/ibm
canonical/ibm tivoli storage manager
version/ibm tivoli storage manager/6.1
version/ibm tivoli storage manager/6.1.0
version/ibm tivoli storage manager/6.1.1
version/ibm tivoli storage manager/6.1.2
version/ibm tivoli storage manager/6.1.3
version/ibm tivoli storage manager/6.1.4
version/ibm tivoli storage manager/6.1.5
version/ibm tivoli storage manager/6.1.5.4
version/ibm tivoli storage manager/6.1.5.5
version/ibm tivoli storage manager/6.1.5.6
version/ibm tivoli storage manager/6.2.0
version/ibm tivoli storage manager/6.2.1
version/ibm tivoli storage manager/6.2.2
version/ibm tivoli storage manager/6.2.3
version/ibm tivoli storage manager/6.2.4
version/ibm tivoli storage manager/6.3
version/ibm tivoli storage manager/6.3.0.5
version/ibm tivoli storage manager/6.3.0.15
version/ibm tivoli storage manager/6.3.0.17
version/ibm tivoli storage manager/6.3.1
version/ibm tivoli storage manager/6.3.1.2
version/ibm tivoli storage manager/6.3.2.2
version/ibm tivoli storage manager/6.3.3
version/ibm tivoli storage manager/6.3.4
version/ibm tivoli storage manager/6.3.5
version/ibm tivoli storage manager/6.3.5.1
version/ibm tivoli storage manager/6.3.6
version/ibm tivoli storage manager/6.3.6.100
version/ibm tivoli storage manager/6.4.1
version/ibm tivoli storage manager/6.4.1.0
version/ibm tivoli storage manager/6.4.2
version/ibm tivoli storage manager/6.4.2.100
version/ibm tivoli storage manager/6.4.2.200
version/ibm tivoli storage manager/6.4.2.500
version/ibm tivoli storage manager/6.4.2.600
version/ibm tivoli storage manager/6.4.3
version/ibm tivoli storage manager/6.4.3.1
version/ibm tivoli storage manager/7.1
version/ibm tivoli storage manager/7.1..5.100
version/ibm tivoli storage manager/7.1.0.1
version/ibm tivoli storage manager/7.1.0.2
version/ibm tivoli storage manager/7.1.0.3
version/ibm tivoli storage manager/7.1.1
version/ibm tivoli storage manager/7.1.1.1
version/ibm tivoli storage manager/7.1.1.2
version/ibm tivoli storage manager/7.1.1.100
version/ibm tivoli storage manager/7.1.1.200
version/ibm tivoli storage manager/7.1.1.300
version/ibm tivoli storage manager/7.1.3
version/ibm tivoli storage manager/7.1.3.000
version/ibm tivoli storage manager/7.1.3.1
version/ibm tivoli storage manager/7.1.3.2
version/ibm tivoli storage manager/7.1.3.100
version/ibm tivoli storage manager/7.1.4
version/ibm tivoli storage manager/7.1.4.1
version/ibm tivoli storage manager/7.1.4.2
version/ibm tivoli storage manager/7.1.5
version/ibm tivoli storage manager/7.1.5.200
version/ibm tivoli storage manager/7.1.6
version/ibm tivoli storage manager/7.1.6.5
version/ibm tivoli storage manager/8.1.0
version/ibm tivoli storage manager/8.1.0.2

CVE-2017-1378

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1378?

How do I fix CVE-2017-1378?

Which versions of IBM Spectrum Protect are affected by CVE-2017-1378?

What type of data is exposed due to CVE-2017-1378?

Who can exploit the vulnerability CVE-2017-1378?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-1378?

How do I fix CVE-2017-1378?

Which versions of IBM Spectrum Protect are affected by CVE-2017-1378?

What type of data is exposed due to CVE-2017-1378?

Who can exploit the vulnerability CVE-2017-1378?