Kęstutis Gudinavičius

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager versions 7.1 and 8.1 **Description** The default authentication protocol of the IBM Tivoli Storage Manager is susceptible to a brute force attack due to the disclosure of excessive information during the authentication process. This could allow an attacker to obtain user or administrative access to the TSM server. **Recommendations** For versions 7.1 and 8.1, consider changing the default authentication protocol to a more secure alternative to mitigate the risk of brute force attacks. As a temporary workaround, restrict access to the TSM server and limit the number of authentication attempts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager (IBM Spectrum Protect) versions 7.1 and 8.1 **Description** The issue concerns the storage of password information in the Windows Registry by IBM Tivoli Storage Manager clients/agents in a manner that can be compromised. **Recommendations** For versions 7.1 and 8.1, consider restricting access to the Windows Registry to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager (IBM Spectrum Protect) versions 6.1 through 7.1 **Description** The issue arises from insufficient authority checking on SQL queries, allowing an attacker to access database tables not intended for administrative use. This access may lead to the exposure of passwords or other sensitive product information. **Recommendations** For versions 6.1 through 7.1, apply the fix referenced by IBM to ensure proper authority checking on SQL queries, preventing unauthorized access to sensitive database tables.