The following are News Flashes and Problem Solving Hints provided by the The IBM Spectrum Protect Team.

NOTE: IBM does not endorse or support this site in any way. Lascon Storage is totally independent, and the links below are provided in good faith.


IBM Spectrum Protect News and Technical Flashes

Some of these links require an IBM login.

June 2019

APARs IT28096 and IT29362 may affect directory-container and cloud-container storage pools which can result in damaged deduplicated extents (chunks)

The IBM Spectrum Protect backup-archive client and the IBM Spectrum Protect for Space Management client can incorrectly store atime, mtime, or ctime time stamps of files on the IBM Spectrum Protect server if the time stamp is earlier than January 1970.

May 2019

No news flashes for May

April 2019

When tracing is enabled, the IBM Spectrum Protect Backup-Archive Client trace file may display the password in plain text. This affects the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client

IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client and IBM Spectrum Protect for Virtual Environments on Windows are affected by a password exposure vulnerability caused by insecure file permissions.

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Web interface is vulnerable to a clickjacking attack that could allow a remote attacker to hijack the clicking action of the victim.

Multiple vulnerabilities in IBM Runtime Environment Java were disclosed as part of the IBM Java SDK updates in October 2018. IBM Runtime Environment Java is used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client

OpenSSL vulnerabilities were disclosed on April 16, 2018, June 16, 2018. and October 30, 2018 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client for network connections

OpenSSL vulnerabilities were disclosed on April 16, 2018 and June 16, 2018 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client and IBM Spectrum Protect for Virtual Environments

Potential overwrite of newly ingested chunks in a directory container storage pool. Under certain circumstances, the IBM Spectrum Protect Server might overwrite newly ingested chunks in a container.

March 2019

Files and directories restored using the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface on Windows may have incorrect permissions.

February 2019

The IBM Spectrum Protect Server is affected by multiple IBM Db2 vulnerabilities that could allow local users to overwrite files owned by the Db2 instance owner, execution of arbitrary code on the system, or an elevation of privileges.

There are multiple vulnerabilities in IBM Runtime Environment Java used by the IBM Spectrum Protect Server. These issues were disclosed as part of the IBM Java SDK updates in October 2018.

The IBM Spectrum Protect Server is affected by multiple IBM Db2 vulnerabilities. These Db2 vulnerabilities could allow a local user to gain elevated privileges, read any file on the system, or execute arbitrary code on the system.

IBM Spectrum Protect (formerlyTivoli Storage Manager) Unix Clients may use a symbolic link to provide non-privileged users access to files that require root privileges.

There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client. The IBM Spectrum Protect Client has addressed the applicable CVEs.

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client, IBM Spectrum Protect: Data Protection for VMware, and IBM Spectrum Protect for Space Management could allow a local user to corrupt or delete sensitive information.

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments), allow legacy SSL/TLS protocols and ciphers to be used.

IBM Spectrum Protect (formerly Tivoli Storage Manager) and IBM Spectrum Protect for Virtual Environments allow Triple DES (3DES) ciphers to be used. This can result in the use of weaker than expected cryptographic algorithms.

IBM Spectrum Protect (formerly Tivoli Storage Manager) is vulnerable to an offline dictionary attack due to information disclosed during authentication. An attacker can gain full access to the IBM Spectrum Protect system

IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments is vulnerable to a denial of service caused by incorrect accumulation of TCP/IP sockets in a CLOSE_WAIT state.

Under certain conditions, it is possible directory-container file pointers might be inadvertently removed from the IBM Spectrum Protect Server database.

January 2019

The IBM Spectrum Protect Server is affected by an IBM Db2 vulnerability that could allow a local user to overwrite arbitrary files owned by the Db2 instance owner. UPDATED 1/16/2019

There are multiple vulnerabilities in IBM Runtime Environment Java used by the IBM Spectrum Protect Server. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. UPDATED 1/16/2019

There are multiple vulnerabilities in IBM Runtime Environment Java used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Server.

When tracing is enabled, some passwords may be displayed in the IBM Spectrum Protect (formerly Tivoli Storage Manager) Server trace file.

Security Bulletin: Multiple DB2 vulnerabilities affect IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1105, CVE-2017-1297)

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Services (CVE-2017-10115, CVE-2017-10116)

Problem-Solving Resources Online

These pages contain details about various key IBM Spectrum Protect documents, fix packs, versions, announcements and end of support data


IBM SP , IBM SP EE, and SSAM (includes server and client)
IBM SPfor Databases (includes Data Protection for Oracle and Data Product for SQL)
IBM SP for Enterprise Resource Planning (ERP)
IBM SP for Mail (includes Data Protection for Domino and Data Protection for Exchange)
IBM SP for Virtual Environments (includes Data Protection for VMware and Data Protection for Microsoft Hyper-V)
IBM Spectrum Protect Snapshot (Storage FlashCopy Manager)
IBM Spectrum Protect Snapshot (Storage FlashCopy Manager) - All Requirements Document

back to top


TSM pages

Lascon latest major updates

Welcome to Lascon Storage. This site provides hints and tips on how to manage your data, strategic advice and news items.