CVE-2018-2025
First published: Fri Nov 22 2019(Updated: )
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client | <=8.1.0.0-8.1.8.0 7.1.0.0-7.1.8.5 | |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware | <=8.1.0.0-8.1.8.0 7.1.0.0-7.1.8.5 | |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V | <=8.1.0.0-8.1.8.0 7.1.0.0-7.1.8.0 | |
| IBM Spectrum Protect | >=7.1.0.0<=7.1.8.5 | |
| IBM Spectrum Protect | >=8.1.0.0<=8.1.8.0 | |
| Ibm Spectrum Protect For Virtual Environments | >=7.1.0.0<=7.1.8.5 | |
| Ibm Spectrum Protect For Virtual Environments | >=7.1.0.0<=7.1.8.5 | |
| Ibm Spectrum Protect For Virtual Environments | >=8.1.0.0<=8.1.8.0 | |
| Ibm Spectrum Protect For Virtual Environments | >=8.1.0.0<=8.1.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-2025?
CVE-2018-2025 is a vulnerability in IBM Spectrum Protect Client that creates directories/files in the CIT sub directory that are readable/writable by everyone.
What is the severity of CVE-2018-2025?
CVE-2018-2025 has a severity score of 5.1, which is classified as medium severity.
How does CVE-2018-2025 affect IBM Spectrum Protect Client?
CVE-2018-2025 affects IBM Spectrum Protect Client by creating directories/files in the CIT sub directory that are read/writable by everyone.
What software versions are affected by CVE-2018-2025?
IBM Spectrum Protect Client versions 7.1.0.0-7.1.8.5 and 8.1.0.0-8.1.8.0 are affected by CVE-2018-2025.
How can I fix CVE-2018-2025?
To fix CVE-2018-2025, upgrade to a version of IBM Spectrum Protect Client that is not affected (i.e., version higher than 7.1.8.5 or 8.1.8.0).
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm spectrum protect
- version/ibm spectrum protect/7.1.0.0
- version/ibm spectrum protect/7.1.8.5
- version/ibm spectrum protect/8.1.0.0
- version/ibm spectrum protect/8.1.8.0
- canonical/ibm spectrum protect for virtual environments
- version/ibm spectrum protect for virtual environments/7.1.0.0
- version/ibm spectrum protect for virtual environments/7.1.8.5
- version/ibm spectrum protect for virtual environments/8.1.0.0
- version/ibm spectrum protect for virtual environments/8.1.8.0
- canonical/ibm spectrum protect (formerly tivoli storage manager) backup-archive client
- version/ibm spectrum protect (formerly tivoli storage manager) backup-archive client/8.1.0.0-8.1.8.0 7.1.0.0-7.1.8.5
- canonical/ibm spectrum protect (formerly tivoli storage manager) for virtual environments: data protection for vmware
- version/ibm spectrum protect (formerly tivoli storage manager) for virtual environments: data protection for vmware/8.1.0.0-8.1.8.0 7.1.0.0-7.1.8.5
- canonical/ibm spectrum protect (formerly tivoli storage manager) for virtual environments: data protection for hyper-v
- version/ibm spectrum protect (formerly tivoli storage manager) for virtual environments: data protection for hyper-v/8.1.0.0-8.1.8.0 7.1.0.0-7.1.8.0