Discover the fixes for security vulnerabilities in the new IBM Storage Protect Release 8.1.24: All you need to be aware of now

Dr. Christian Biermann — 09. December 2024
Reading time: 1:42 minutes

Which security vulnerabilities the new IBM Storage Protect Release 8.1.24 has fixed: What you should know

IBM has fixed a number of security vulnerabilities in the latest IBM Storage Protect Release 8.1.24, but has also introduced new functionalities. Let's take a closer look at these.

Client

NetApp users who wanted to migrate to ONTAP 9.10.1 or higher were no longer able to use the SnapDiff functionality in the old IBM Storage Protect versions.

SnapDiff compares two snapshots of a file system. It can be used to identify the changes between the two snapshots and thus reduce backup times. With IBM Storage Protect Release 8.1.24, it is now again possible to perform a SnapDiff backup on these versions via the Backup-Archive Client.

The incremental backup (snapshot-assisted) can be performed on both the SnapMirror source and the destination side.

Furthermore, some problems with the web client for Unix/Linux have been solved in this client version.

Server

IBM Storage Protect Server Version 8.1.24 now also supports RHEL 9 on x86_64 machines.

Since RHEL 7 went EOL this year, two RHEL versions are now supported again.

IBM Storage Ceph is now another option certified as cloud object storage with object lock functionality in the backend of ISP. The certification also applies retroactively from IBM Storage Protect Version 8.1.18.

A number of security vulnerabilities have also been fixed in this release, which we have looked at in more detail.

IBM DB2

A number of vulnerabilities have been closed here, which could mainly cause a denial-of-service attack against the database via various attack vectors. There is no known current exploitation of these vulnerabilities. They were given a medium criticality according to the CVSS score.

IBM Java SDK

Denial of service attacks via the network could also occur in the version of the IBM Java SDK used. The classification in the CVSS score shows a medium criticality.

No existing attack scenarios are currently known here either.

GoLang

Various components were fixed for the Go programming language (GoLang) used in the background of IBM Storage Protect. The potential attack goals here were manifold:

  • Denial of Service
  • Gain unauthorised access
  • Read out information

Although no current attack scenarios are known here, some of these gaps were given a high CVSS score.

Other problem fixes

One highly rated APAR (https://www.ibm.com/support/pages/apar/IT46238) concerns a problem that can lead to the crash of an instance if data is transferred to the cloud via a storage rule.

However, an instance can also crash if a delete filespace is sent in parallel to a replication storage rule or replicate node. This problem has also been fixed. 

Other problems that have been fixed relate to restoring retention pool data and to errors when dismounting tapes, which could occur after installing IBM Storage Protect 8.1.23.

Problems that could lead to a delay when deleting obsolete chunks in container storage pools have also been resolved.

Operations Center

In previous IBM Storage Protect versions, it was always necessary for the Operations Center to run with root or admin rights on the respective instances.

Starting with IBM Storage Protect Release 8.1.24, it is possible to use the Operations Center with fewer rights in the operating system.

The steps required to migrate to a corresponding user are described in the manual:
https://www.ibm.com/docs/en/storage-protect/8.1.24?topic=center-starting-operations-non-privileged-account

Sources and downloads

APAR list

The complete APAR list can be viewed at the following link:

https://www.ibm.com/support/pages/node/6447173#8124

Current version IBM Storage Protect Server

The current version of the IBM Storage Protect Server can be downloaded from the following link:

https://www.ibm.com/support/pages/download-information-ibm-storage-protect-servers-8124
