CVE-2018-1786 — MEDIUM (5.3)

Q: How severe is CVE-2018-1786?

CVE-2018-1786 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1786?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Protect, Ibm Tivoli Storage Manager, Ibm Spectrum Protect Manager For Virtual Environments Data Protection For Vmware, Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Linux Kernel.

Vulnerability Description

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Ibm	Spectrum Protect	>= 8.1.0.0, <= 8.1.6.0
Ibm	Tivoli Storage Manager	>= 7.1, <= 7.1.8.3
Ibm	Spectrum Protect Manager For Virtual Environments Data Protection For Vmware	>= 8.1.0.0, <= 8.1.6.0
Ibm	Tivoli Storage Manager For Virtual Environments Data Protection For Vmware	>= 7.1.0, <= 7.1.8.3
Linux	Linux Kernel	-
Microsoft	Windows	-
Ibm	Spectrum Protect For Virtual Environments Data Protection For Hyper-V	>= 8.1.0.0, <= 8.1.6.0
Ibm	Tivoli Storage Manager For Virtual Environments Data Protection For Hyper-V	>= 7.1.0, <= 7.1.8.0

Related Weaknesses (CWE)

CWE-400

References

http://www.ibm.com/support/docview.wss?uid=ibm10738765PatchVendor Advisory
http://www.securityfocus.com/bid/105940Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/148871VDB EntryVendor Advisory
http://www.ibm.com/support/docview.wss?uid=ibm10738765PatchVendor Advisory
http://www.securityfocus.com/bid/105940Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/148871VDB EntryVendor Advisory

FAQ

What is CVE-2018-1786?

CVE-2018-1786 is a vulnerability with a CVSS score of 5.3 (MEDIUM). IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IB...

How severe is CVE-2018-1786?

CVE-2018-1786 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1786?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Protect, Ibm Tivoli Storage Manager, Ibm Spectrum Protect Manager For Virtual Environments Data Protection For Vmware, Ibm Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Linux Kernel.