OnDemand User Group
General => Announcements & News => Topic started by: Justin Derrick on September 28, 2022, 01:37:19 PM
-
IBM released a security bulletin for an old vulnerability from 2018 that affects current versions of CMOD:
https://www.ibm.com/support/pages/node/6824729
In short, it would allow an attacker that ALREADY has a very high level of access to your system to cause CMOD to crash.
Upgrading to the latest fixpack is always a good idea; this is just another reason to stay current on patches.
Ask your questions below, and I'll ask the developers to pop by and respond. Thanks.
-JD.
-
Just a brief update. I've exchanged emails with IBM, and in order to exploit this bug, an attacker would need access to modify data in the cache or secondary storage (Tivoli Storage Manager / Spectrum Protect / Cloud Storage Buckets / Filesystems). This is a pretty extreme level of access, meaning that any attacker looking to exploit this bug would already be able to do far more damage than simply crash CMOD instances.
In short, the level of risk associated with this alert is extremely low.
-JD.