CVE-2018-1550

CWE-269 — Improper Privilege Management CWE-770 — Allocation without Limits5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 89.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager IBM Tivoli Storage Manager FOR Space Management IBM Tivoli Storage Manager FOR Virtual Environments +1 more

Timeline

PublishedSep 26

Latest updateMay 13

Description

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/spectrum_protect7.1, 8.1+1

▶NVDibm/tivoli_storage_manager7.1.8.0 — 7.1.8.2+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-x5pr-fj3f-vq27: IBM Spectrum Protect 7↗2022-05-13

▶

CVEList

CVE-2018-1550: IBM Spectrum Protect 7↗2018-09-26

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability↗2018-10-03

▶

💬Community

Bugzilla

CVE-2018-5380 quagga: bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash↗2018-02-07

▶