CVE-2017-1339

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect versions 7.1 through 8.1

Description The issue concerns the use of weak encryption for passwords in IBM Spectrum Protect Server, which could allow a database administrator to decrypt client or administrator passwords. This may lead to information disclosure or a denial of service.

Recommendations For IBM Spectrum Protect versions 7.1 through 8.1, consider changing the password encryption method to a stronger one to prevent potential decryption by a database administrator. As a temporary workaround, restrict access to sensitive data and limit database administrator privileges until a more secure encryption method is implemented.