The following are News Flashes and Problem Solving Hints provided by the The IBM Tivoli Storage Manager Team.

NOTE: IBM does not endorse or support this site in any way. Lascon Storage is totally independent, and the links below are provided in good faith.


TSM News and Technical Flashes

Some of these links require an IBM login.

April 2019

When tracing is enabled, the IBM Spectrum Protect Backup-Archive Client trace file may display the password in plain text. This affects the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client

IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client and IBM Spectrum Protect for Virtual Environments on Windows are affected by a password exposure vulnerability caused by insecure file permissions.

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim.

Multiple vulnerabilities in IBM Runtime Environment Java were disclosed as part of the IBM Java SDK updates in October 2018. IBM Runtime Environment Java is used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client

OpenSSL vulnerabilities were disclosed on April 16, 2018, June 16, 2018. and October 30, 2018 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client for network connections

OpenSSL vulnerabilities were disclosed on April 16, 2018 and June 16, 2018 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client and IBM Spectrum Protect for Virtual Environments

Potential overwrite of newly ingested chunks in a directory container storage pool. Under certain circumstances, the IBM Spectrum Protect Server might overwrite newly ingested chunks in a container.

March 2019

Files and directories restored using the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface on Windows may have incorrect permissions.

February 2019

The IBM Spectrum Protect Server is affected by multiple IBM Db2 vulnerabilities that could allow local users to overwrite files owned by the Db2 instance owner, execution of arbitrary code on the system, or an elevation of privileges.

There are multiple vulnerabilities in IBM Runtime Environment Java used by the IBM Spectrum Protect Server. These issues were disclosed as part of the IBM Java SDK updates in October 2018.

The IBM Spectrum Protect Server is affected by multiple IBM Db2 vulnerabilities. These Db2 vulnerabilities could allow a local user to gain elevated privileges, read any file on the system, or execute arbitrary code on the system.

IBM Spectrum Protect (formerlyTivoli Storage Manager) Unix Clients may use a symbolic link to provide non-privileged users access to files that require root privileges.

There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client. The IBM Spectrum Protect Client has addressed the applicable CVEs.

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client, IBM Spectrum Protect: Data Protection for VMware, and IBM Spectrum Protect for Space Management could allow a local user to corrupt or delete sensitive information.

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments), allow legacy SSL/TLS protocols and ciphers to be used.

IBM Spectrum Protect (formerly Tivoli Storage Manager) and IBM Spectrum Protect for Virtual Environments allow Triple DES (3DES) ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.

IBM Spectrum Protect (formerly Tivoli Storage Manager) is vulnerable to an offline dictionary attack due to information disclosed during authentication. An attacker can gain full access to the IBM Spectrum Protect system

IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments is vulnerable to a denial of service caused by incorrect accumulation of TCP/IP sockets in a CLOSE_WAIT state.

Under certain conditions, it is possible directory-container file pointers might be inadvertently removed from the IBM Spectrum Protect Server database.

January 2019

The IBM Spectrum Protect Server is affected by an IBM Db2 vulnerability that could allow a local user to overwrite arbitrary files owned by the Db2 instance owner. UPDATED 1/16/2019

There are multiple vulnerabilities in IBM Runtime Environment Java used by the IBM Spectrum Protect Server. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. UPDATED 1/16/2019

There are multiple vulnerabilities in IBM Runtime Environment Java used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Server.

When tracing is enabled, some passwords may be displayed in the IBM Spectrum Protect (formerly Tivoli Storage Manager) Server trace file.

Security Bulletin: Multiple DB2 vulnerabilities affect IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1105, CVE-2017-1297)

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Services (CVE-2017-10115, CVE-2017-10116)

Problem-Solving Resources Online

These pages contain details about various key TSM documents, fix packs, versions, announcements and end of support data


TSM, TSM EE, and SSAM (includes server and client)
TSM for Databases (includes Data Protection for Oracle and Data Product for SQL)
TSM for Enterprise Resource Planning (ERP)
TSM for Mail (includes Data Protection for Domino and Data Protection for Exchange)
TSM for Virtual Environments (includes Data Protection for VMware and Data Protection for Microsoft Hyper-V)
IBM Spectrum Protect Snapshot (Storage FlashCopy Manager)
IBM Spectrum Protect Snapshot (Storage FlashCopy Manager) - All Requirements Document

back to top


TSM pages

Lascon latest major updates

Welcome to Lascon Storage. This site provides hints and tips on how to manage your data, strategic advice and news items.