Response to IBM security announcement of vulnerabilities in the TSM Client

An IBM security announcement has identified two separate vulnerabilities in the TSM client.  This web page is intended to help EZ-Backup technical support providers identify and patch systems running TSM versions that are affected by these vulnerabilities.

IBM Announcement

Text of IBM's announcement

Vulnerabilities exist in the following TSM client features:

• Web Client GUI (not used at Cornell)
• CAD-managed scheduling
• prompted scheduling

All other client interfaces, such as the Backup/Archive command line and GUI, are unaffected. IBM has issued client updates to address the vulnerabilities in all supported releases.

All version 5 clients on all platforms have the potential to be vulnerable depending on how they are configured. Here is a list of affected versions:

• Version 5, Release 4, Levels 0.0 - 1.1
• Version 5, Release 3, Levels 0.0 - 5.2
• Version 5, Release 2, Levels 0.0 - 5.1
• Version 5, Release 1, Levels 0.0 - 8.0

Guide to Identifying Affected Systems at Cornell

Determine if your systems are vulnerable using the chart below. If vulnerable, please follow the directions in the link on the right under the Remedy column. If not vulnerable, no action is required, although we recommend upgrading to the most current version of TSM.

Note: All version 5 clients on all platforms have the potential to be vulnerable depending on how they are configured.