Just a brief update. I've exchanged eMails with IBM, and in order to exploit this bug, an attacker would need access to modify data in the cache or secondary storage (Tivoli Storage Manager / Spectrum Protect / Cloud Storage Buckets / Filesystems). This is a pretty extreme level of access, meaning that any attacker looking to exploit this bug would already be able to do far more damage than simply crash CMOD instances.
In short, the level of risk associated with this alert is extremely low.
-JD.