Search criteria
147 vulnerabilities found for tivoli_storage_manager by ibm
FKIE_CVE-2020-28198
Vulnerability from fkie_nvd - Published: 2021-05-06 20:15 - Updated: 2024-11-21 05:22
Severity ?
Summary
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "335583D7-12D1-46BB-AC8A-8369B7E13D35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGNO ** El par\u00e1metro \"id\" de IBM Tivoli Storage Manager Versi\u00f3n 5 Release 2 (Interfaz Administrativa de L\u00ednea de Comandos, dsmadmc.exe) es vulnerable a un desbordamiento del b\u00fafer de la pila explotable.\u0026#xa0;Nota: la vulnerabilidad puede ser explotada cuando es usado en modo \"interactive\" mientras que, debido a una limitaci\u00f3n del n\u00famero m\u00e1ximo de caracteres, no puede ser explotado en el uso por lotes o en la l\u00ednea de comandos (por ejemplo, dsmadmc.exe -id=username -password=pwd) .\u0026#xa0;NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor"
}
],
"id": "CVE-2020-28198",
"lastModified": "2024-11-21T05:22:27.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-06T20:15:09.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1786
Vulnerability from fkie_nvd - Published: 2018-11-12 16:29 - Updated: 2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10738765 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105940 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148871 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10738765 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105940 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148871 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "314CA0C4-7473-417B-831D-913519497369",
"versionEndIncluding": "8.1.6.0",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32609201-B182-4C8D-91D7-EFE0565B524D",
"versionEndIncluding": "7.1.8.3",
"versionStartIncluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_manager_for_virtual_environments_data_protection_for_vmware:*:*:*:*:*:vmware:*:*",
"matchCriteriaId": "5A68354B-AD73-4331-AC68-9E532790DFCC",
"versionEndIncluding": "8.1.6.0",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:*:*:*:*:*:vmware:*:*",
"matchCriteriaId": "61ACD4F3-BCE5-4BB5-A627-7E4933C24418",
"versionEndIncluding": "7.1.8.3",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments_data_protection_for_hyper-v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03F0CE08-5F5F-4AA0-95E6-EDF015E69A00",
"versionEndIncluding": "8.1.6.0",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_hyper-v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68787BAC-28F8-41D2-A2E2-DBEB57159DB4",
"versionEndIncluding": "7.1.8.0",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
},
{
"lang": "es",
"value": "Los procesos dsmc y dsmcad de IBM Spectrum Protect 7.1 y 8.1 acumulan incorrectamente sockets TCP/IP en un estado CLOSE_WAIT. Esto puede provocar el filtrado del recurso TCP/IP y podr\u00eda resultar en una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 148871."
}
],
"id": "CVE-2018-1786",
"lastModified": "2024-11-21T04:00:22.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-12T16:29:00.280",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105940"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1550
Vulnerability from fkie_nvd - Published: 2018-09-26 15:29 - Updated: 2024-11-21 04:00
Severity ?
6.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10719401 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142696 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10719401 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142696 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510B228-9418-4841-A389-903F299FC005",
"versionEndIncluding": "7.1.8.2",
"versionStartIncluding": "7.1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47643E98-C42A-4BA1-841C-46F2DD2C10E4",
"versionEndIncluding": "8.1.4",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3591CA5B-D577-45FB-99D1-D009E8D56A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76C5CA2-27EF-4A15-90AD-A4E7CF54D2B4",
"versionEndIncluding": "7.1.8.2",
"versionStartIncluding": "7.1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4DE7B2-1D22-48D4-9C60-CA2463DAF4FB",
"versionEndIncluding": "8.1.4.1",
"versionStartIncluding": "8.1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFC7506-645F-47ED-8658-C334AB96C8A2",
"versionEndIncluding": "7.1.8.2",
"versionStartIncluding": "7.1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8BA9D9-9AD0-4360-9308-5E3325A4AA0B",
"versionEndIncluding": "8.1.4.1",
"versionStartIncluding": "8.1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
},
{
"lang": "es",
"value": "IBM Spectrum Protect 7.1 y 8.1 podr\u00eda permitir que un usuario local corrompa o elimine informaci\u00f3n altamente sensible que provocar\u00eda una denegaci\u00f3n de servicio (DoS) en otros usuarios. IBM X-Force ID: 142696."
}
],
"id": "CVE-2018-1550",
"lastModified": "2024-11-21T04:00:00.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-26T15:29:00.420",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1378
Vulnerability from fkie_nvd - Published: 2017-10-05 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006215 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126875 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006215 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126875 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AE11FE-5D3C-4103-B756-254BBB744C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C818A4D8-7F9C-417C-BA94-14F5A8692C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
},
{
"lang": "es",
"value": "IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) revela las credenciales sin cifrar de inicio de sesi\u00f3n de Vmware vCenter en la salida de la traza de la aplicaci\u00f3n, las cuales las puede obtener un usuario local. IBM X-Force ID: 126875."
}
],
"id": "CVE-2017-1378",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T17:29:00.373",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1301
Vulnerability from fkie_nvd - Published: 2017-10-05 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006248 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101107 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006248 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101107 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE445AF2-0110-4BC0-B123-CC4C24F974B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C818A4D8-7F9C-417C-BA94-14F5A8692C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
},
{
"lang": "es",
"value": "IBM Spectrum Protect 7.1 y 8.1 podr\u00eda permitir que un atacante local realice un ataque symlink. IBM Spectrum Protect Backup-archive Client crea archivos temporales de manera no segura. Un atacante local podr\u00eda explotar esta vulnerabilidad creando un enlace simb\u00f3lico de un archivo temporal a varios archivos del sistema, lo que podr\u00eda permitir que el atacante sobrescriba archivos arbitrarios en el sistema con privilegios elevados. IBM X-Force ID: 125163."
}
],
"id": "CVE-2017-1301",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T17:29:00.297",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1339
Vulnerability from fkie_nvd - Published: 2017-10-05 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007936 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101113 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1039498 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007936 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101113 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039498 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.100:*:*:*:*:*:*:*",
"matchCriteriaId": "4717F07E-B1B0-4F90-9ECF-DD08E3E94D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.200:*:*:*:*:*:*:*",
"matchCriteriaId": "13B7B79B-C85C-4CF6-BBBF-DB00D857BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB2B65F-A847-47E9-85D9-C42EC7F7F901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0587F4BC-4B77-42A1-BA13-296C6CD41355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
},
{
"lang": "es",
"value": "El servidor de IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) utiliza un cifrado de contrase\u00f1a d\u00e9bil. Un administrador de la base de datos podr\u00eda descifrar la contrase\u00f1a del cliente o administrador de IBM Spectrum Protect, pudiendo provocar que se divulgue informaci\u00f3n o una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 126247."
}
],
"id": "CVE-2017-1339",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T17:29:00.327",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8937
Vulnerability from fkie_nvd - Published: 2017-10-05 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007935 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/118750 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007935 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/118750 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.100:*:*:*:*:*:*:*",
"matchCriteriaId": "4717F07E-B1B0-4F90-9ECF-DD08E3E94D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.200:*:*:*:*:*:*:*",
"matchCriteriaId": "13B7B79B-C85C-4CF6-BBBF-DB00D857BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB2B65F-A847-47E9-85D9-C42EC7F7F901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0587F4BC-4B77-42A1-BA13-296C6CD41355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
},
{
"lang": "es",
"value": "El protocolo de autenticaci\u00f3n por defecto de IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) es vulnerable a ataques de fuerza bruta ya que revela demasiada informaci\u00f3n durante el proceso de autenticaci\u00f3n. Un atacante podr\u00eda obtener acceso administrativo o de usuario al servidor TSM. IBM X-Force ID: 118750."
}
],
"id": "CVE-2016-8937",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T17:29:00.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8939
Vulnerability from fkie_nvd - Published: 2017-06-07 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.100:*:*:*:*:*:*:*",
"matchCriteriaId": "4717F07E-B1B0-4F90-9ECF-DD08E3E94D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.200:*:*:*:*:*:*:*",
"matchCriteriaId": "13B7B79B-C85C-4CF6-BBBF-DB00D857BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB2B65F-A847-47E9-85D9-C42EC7F7F901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0587F4BC-4B77-42A1-BA13-296C6CD41355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
},
{
"lang": "es",
"value": "Clientes y agentes de Tivoli Storage Manager de IBM (Spectrum Protect versiones 7.1 y 8.1 de IBM), almacenan informaci\u00f3n de contrase\u00f1as en el Registro Windows de una manera que pueda verse comprometida. ID de IBM X-Force: 118790."
}
],
"id": "CVE-2016-8939",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-07T17:29:00.617",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1038607"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
},
{
"source": "psirt@us.ibm.com",
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://improsec.com/blog/vulnerability-in-tsm"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8916
Vulnerability from fkie_nvd - Published: 2017-05-05 19:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21998166 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/98335 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21998166 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98335 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E93A755E-9963-43A1-9DE4-1565703674B3",
"versionEndIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAADE980-DC7D-4A3A-A0C4-B03EF08B3CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3328F090-7A1A-43B8-B939-90EC559F872E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57D90ED4-C733-4E20-952A-109F1324FC63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF86F65-0CC1-4525-814F-4DF9C9C285BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager en versiones 5.5, 6.1-6.4, y 7.1 almacena informaci\u00f3n de contrase\u00f1as en un fichero de log que puede ser le\u00eddo por un usuario local cuando se ejecuta un comando set passsword. IBM X-Force ID: 118472."
}
],
"id": "CVE-2016-8916",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-05T19:29:00.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98335"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8940
Vulnerability from fkie_nvd - Published: 2017-03-07 17:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21998946 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21998946 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3 y 7.1 no realiza comprobaci\u00f3n de autoridad suficiente en consultas SQL. Como resultado, un atacante puede enviar consultas SQL que acceden a tablas de bases de datos que no est\u00e1n destinadas para el acceso o uso por administradores. El acceso a estas tablas de bases de datos de productos espec\u00edficas puede permitir acceso a contrase\u00f1as u otra informaci\u00f3n sensible para el producto. Referencia de IBM #: 1998946."
}
],
"id": "CVE-2016-8940",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-07T17:59:00.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-28198 (GCVE-0-2020-28198)
Vulnerability from cvelistv5 – Published: 2021-05-06 19:25 – Updated: 2024-08-04 16:33 Unsupported When Assigned
VLAI?
Summary
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-28198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:28:19.255372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:28:28.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:57.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-06T19:25:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py",
"refsource": "MISC",
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"name": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager",
"refsource": "MISC",
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28198",
"datePublished": "2021-05-06T19:25:28",
"dateReserved": "2020-11-04T00:00:00",
"dateUpdated": "2024-08-04T16:33:57.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1786 (GCVE-0-2018-1786)
Vulnerability from cvelistv5 – Published: 2018-11-12 16:00 – Updated: 2024-09-17 01:01
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-11-08T00:00:00",
"ID": "CVE-2018-1786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10738765",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1786",
"datePublished": "2018-11-12T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:01:42.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1550 (GCVE-0-2018-1550)
Vulnerability from cvelistv5 – Published: 2018-09-26 15:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:43.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2018-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-24T00:00:00",
"ID": "CVE-2018-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10719401",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1550",
"datePublished": "2018-09-26T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T22:50:57.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1339 (GCVE-0-2017-1339)
Vulnerability from cvelistv5 – Published: 2017-10-05 17:00 – Updated: 2024-09-16 17:34
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101113"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007936",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039498"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1339",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T17:34:11.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1378 (GCVE-0-2017-1378)
Vulnerability from cvelistv5 – Published: 2017-10-05 17:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect for Virtual Environments |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect for Virtual Environments",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect for Virtual Environments",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006215",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1378",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:46:09.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8937 (GCVE-0-2016-8937)
Vulnerability from cvelistv5 – Published: 2017-10-05 17:00 – Updated: 2024-09-16 16:53
VLAI?
Summary
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2016-8937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007935",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8937",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-09-16T16:53:53.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1301 (GCVE-0-2017-1301)
Vulnerability from cvelistv5 – Published: 2017-10-05 17:00 – Updated: 2024-09-17 01:56
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006248",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101107"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1301",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:56:53.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8939 (GCVE-0-2016-8939)
Vulnerability from cvelistv5 – Published: 2017-06-07 17:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-15T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://improsec.com/blog/vulnerability-in-tsm",
"refsource": "MISC",
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98783"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003738",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8939",
"datePublished": "2017-06-07T17:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8916 (GCVE-0-2016-8916)
Vulnerability from cvelistv5 – Published: 2017-05-05 19:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-09T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998166",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8916",
"datePublished": "2017-05-05T19:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8940 (GCVE-0-2016-8940)
Vulnerability from cvelistv5 – Published: 2017-03-07 17:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Tivoli Storage Manager |
Affected:
5.3.5.3
Affected: 5.4.1.2 Affected: 4.2 Affected: 4.2.1 Affected: 5.1.8 Affected: 5.2.5.1 Affected: 5.2.7 Affected: 5.2.8 Affected: 5.2.9 Affected: 5.3.0 Affected: 5.3.1 Affected: 5.3.2 Affected: 5.3.3 Affected: 5.4.4.0 Affected: 5.4.2.4 Affected: 5.4.2.3 Affected: 5.4.2.2 Affected: 5.3.6.9 Affected: 5.3.6.2 Affected: 5.3.6.1 Affected: 5.3.4 Affected: 5.2.5.3 Affected: 5.2.5.2 Affected: 5.2.4 Affected: 5.3.5.1 Affected: 5.3.2.4 Affected: 6.0 Affected: 5.1.0 Affected: 5.1.1 Affected: 5.1.10 Affected: 5.1.5 Affected: 5.1.6 Affected: 5.1.7 Affected: 5.1.9 Affected: 5.2.0 Affected: 5.2.1 Affected: 4.2.2 Affected: 4.2.3 Affected: 4.2.4 Affected: 5.2.2 Affected: 5.3 Affected: 5.2 Client Affected: 5.4 Client Affected: 5.5.7 Affected: 5.2.3.4 Client Affected: 5.5.1.0 Affected: 5.5.1.6 Affected: 5.4 Affected: 5.5 Affected: 6.1 Affected: 6.2 Affected: 6.3 Affected: 6.4 Affected: 7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "5.3.5.3"
},
{
"status": "affected",
"version": "5.4.1.2"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "5.1.8"
},
{
"status": "affected",
"version": "5.2.5.1"
},
{
"status": "affected",
"version": "5.2.7"
},
{
"status": "affected",
"version": "5.2.8"
},
{
"status": "affected",
"version": "5.2.9"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
},
{
"status": "affected",
"version": "5.3.3"
},
{
"status": "affected",
"version": "5.4.4.0"
},
{
"status": "affected",
"version": "5.4.2.4"
},
{
"status": "affected",
"version": "5.4.2.3"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.3.6.9"
},
{
"status": "affected",
"version": "5.3.6.2"
},
{
"status": "affected",
"version": "5.3.6.1"
},
{
"status": "affected",
"version": "5.3.4"
},
{
"status": "affected",
"version": "5.2.5.3"
},
{
"status": "affected",
"version": "5.2.5.2"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.3.5.1"
},
{
"status": "affected",
"version": "5.3.2.4"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.10"
},
{
"status": "affected",
"version": "5.1.5"
},
{
"status": "affected",
"version": "5.1.6"
},
{
"status": "affected",
"version": "5.1.7"
},
{
"status": "affected",
"version": "5.1.9"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.2 Client"
},
{
"status": "affected",
"version": "5.4 Client"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.2.3.4 Client"
},
{
"status": "affected",
"version": "5.5.1.0"
},
{
"status": "affected",
"version": "5.5.1.6"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2017-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-07T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager",
"version": {
"version_data": [
{
"version_value": "5.3.5.3"
},
{
"version_value": "5.4.1.2"
},
{
"version_value": "4.2"
},
{
"version_value": "4.2.1"
},
{
"version_value": "5.1.8"
},
{
"version_value": "5.2.5.1"
},
{
"version_value": "5.2.7"
},
{
"version_value": "5.2.8"
},
{
"version_value": "5.2.9"
},
{
"version_value": "5.3.0"
},
{
"version_value": "5.3.1"
},
{
"version_value": "5.3.2"
},
{
"version_value": "5.3.3"
},
{
"version_value": "5.4.4.0"
},
{
"version_value": "5.4.2.4"
},
{
"version_value": "5.4.2.3"
},
{
"version_value": "5.4.2.2"
},
{
"version_value": "5.3.6.9"
},
{
"version_value": "5.3.6.2"
},
{
"version_value": "5.3.6.1"
},
{
"version_value": "5.3.4"
},
{
"version_value": "5.2.5.3"
},
{
"version_value": "5.2.5.2"
},
{
"version_value": "5.2.4"
},
{
"version_value": "5.3.5.1"
},
{
"version_value": "5.3.2.4"
},
{
"version_value": "6.0"
},
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.1"
},
{
"version_value": "5.1.10"
},
{
"version_value": "5.1.5"
},
{
"version_value": "5.1.6"
},
{
"version_value": "5.1.7"
},
{
"version_value": "5.1.9"
},
{
"version_value": "5.2.0"
},
{
"version_value": "5.2.1"
},
{
"version_value": "4.2.2"
},
{
"version_value": "4.2.3"
},
{
"version_value": "4.2.4"
},
{
"version_value": "5.2.2"
},
{
"version_value": "5.3"
},
{
"version_value": "5.2 Client"
},
{
"version_value": "5.4 Client"
},
{
"version_value": "5.5.7"
},
{
"version_value": "5.2.3.4 Client"
},
{
"version_value": "5.5.1.0"
},
{
"version_value": "5.5.1.6"
},
{
"version_value": "5.4"
},
{
"version_value": "5.5"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
},
{
"version_value": "6.4"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998946",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8940",
"datePublished": "2017-03-07T17:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28198 (GCVE-0-2020-28198)
Vulnerability from nvd – Published: 2021-05-06 19:25 – Updated: 2024-08-04 16:33 Unsupported When Assigned
VLAI?
Summary
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-28198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:28:19.255372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:28:28.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:57.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-06T19:25:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py",
"refsource": "MISC",
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"name": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager",
"refsource": "MISC",
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28198",
"datePublished": "2021-05-06T19:25:28",
"dateReserved": "2020-11-04T00:00:00",
"dateUpdated": "2024-08-04T16:33:57.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1786 (GCVE-0-2018-1786)
Vulnerability from nvd – Published: 2018-11-12 16:00 – Updated: 2024-09-17 01:01
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-11-08T00:00:00",
"ID": "CVE-2018-1786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10738765",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1786",
"datePublished": "2018-11-12T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:01:42.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1550 (GCVE-0-2018-1550)
Vulnerability from nvd – Published: 2018-09-26 15:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:43.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2018-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-24T00:00:00",
"ID": "CVE-2018-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10719401",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1550",
"datePublished": "2018-09-26T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T22:50:57.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1339 (GCVE-0-2017-1339)
Vulnerability from nvd – Published: 2017-10-05 17:00 – Updated: 2024-09-16 17:34
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101113"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007936",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039498"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1339",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T17:34:11.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1378 (GCVE-0-2017-1378)
Vulnerability from nvd – Published: 2017-10-05 17:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect for Virtual Environments |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect for Virtual Environments",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect for Virtual Environments",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006215",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1378",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:46:09.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8937 (GCVE-0-2016-8937)
Vulnerability from nvd – Published: 2017-10-05 17:00 – Updated: 2024-09-16 16:53
VLAI?
Summary
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2016-8937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007935",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8937",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-09-16T16:53:53.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1301 (GCVE-0-2017-1301)
Vulnerability from nvd – Published: 2017-10-05 17:00 – Updated: 2024-09-17 01:56
VLAI?
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006248",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101107"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1301",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:56:53.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8939 (GCVE-0-2016-8939)
Vulnerability from nvd – Published: 2017-06-07 17:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect |
Affected:
7.1
Affected: 8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-15T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://improsec.com/blog/vulnerability-in-tsm",
"refsource": "MISC",
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98783"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003738",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8939",
"datePublished": "2017-06-07T17:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8916 (GCVE-0-2016-8916)
Vulnerability from nvd – Published: 2017-05-05 19:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-09T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998166",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8916",
"datePublished": "2017-05-05T19:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8940 (GCVE-0-2016-8940)
Vulnerability from nvd – Published: 2017-03-07 17:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Tivoli Storage Manager |
Affected:
5.3.5.3
Affected: 5.4.1.2 Affected: 4.2 Affected: 4.2.1 Affected: 5.1.8 Affected: 5.2.5.1 Affected: 5.2.7 Affected: 5.2.8 Affected: 5.2.9 Affected: 5.3.0 Affected: 5.3.1 Affected: 5.3.2 Affected: 5.3.3 Affected: 5.4.4.0 Affected: 5.4.2.4 Affected: 5.4.2.3 Affected: 5.4.2.2 Affected: 5.3.6.9 Affected: 5.3.6.2 Affected: 5.3.6.1 Affected: 5.3.4 Affected: 5.2.5.3 Affected: 5.2.5.2 Affected: 5.2.4 Affected: 5.3.5.1 Affected: 5.3.2.4 Affected: 6.0 Affected: 5.1.0 Affected: 5.1.1 Affected: 5.1.10 Affected: 5.1.5 Affected: 5.1.6 Affected: 5.1.7 Affected: 5.1.9 Affected: 5.2.0 Affected: 5.2.1 Affected: 4.2.2 Affected: 4.2.3 Affected: 4.2.4 Affected: 5.2.2 Affected: 5.3 Affected: 5.2 Client Affected: 5.4 Client Affected: 5.5.7 Affected: 5.2.3.4 Client Affected: 5.5.1.0 Affected: 5.5.1.6 Affected: 5.4 Affected: 5.5 Affected: 6.1 Affected: 6.2 Affected: 6.3 Affected: 6.4 Affected: 7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "5.3.5.3"
},
{
"status": "affected",
"version": "5.4.1.2"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "5.1.8"
},
{
"status": "affected",
"version": "5.2.5.1"
},
{
"status": "affected",
"version": "5.2.7"
},
{
"status": "affected",
"version": "5.2.8"
},
{
"status": "affected",
"version": "5.2.9"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
},
{
"status": "affected",
"version": "5.3.3"
},
{
"status": "affected",
"version": "5.4.4.0"
},
{
"status": "affected",
"version": "5.4.2.4"
},
{
"status": "affected",
"version": "5.4.2.3"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.3.6.9"
},
{
"status": "affected",
"version": "5.3.6.2"
},
{
"status": "affected",
"version": "5.3.6.1"
},
{
"status": "affected",
"version": "5.3.4"
},
{
"status": "affected",
"version": "5.2.5.3"
},
{
"status": "affected",
"version": "5.2.5.2"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.3.5.1"
},
{
"status": "affected",
"version": "5.3.2.4"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.10"
},
{
"status": "affected",
"version": "5.1.5"
},
{
"status": "affected",
"version": "5.1.6"
},
{
"status": "affected",
"version": "5.1.7"
},
{
"status": "affected",
"version": "5.1.9"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.2 Client"
},
{
"status": "affected",
"version": "5.4 Client"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.2.3.4 Client"
},
{
"status": "affected",
"version": "5.5.1.0"
},
{
"status": "affected",
"version": "5.5.1.6"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2017-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-07T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager",
"version": {
"version_data": [
{
"version_value": "5.3.5.3"
},
{
"version_value": "5.4.1.2"
},
{
"version_value": "4.2"
},
{
"version_value": "4.2.1"
},
{
"version_value": "5.1.8"
},
{
"version_value": "5.2.5.1"
},
{
"version_value": "5.2.7"
},
{
"version_value": "5.2.8"
},
{
"version_value": "5.2.9"
},
{
"version_value": "5.3.0"
},
{
"version_value": "5.3.1"
},
{
"version_value": "5.3.2"
},
{
"version_value": "5.3.3"
},
{
"version_value": "5.4.4.0"
},
{
"version_value": "5.4.2.4"
},
{
"version_value": "5.4.2.3"
},
{
"version_value": "5.4.2.2"
},
{
"version_value": "5.3.6.9"
},
{
"version_value": "5.3.6.2"
},
{
"version_value": "5.3.6.1"
},
{
"version_value": "5.3.4"
},
{
"version_value": "5.2.5.3"
},
{
"version_value": "5.2.5.2"
},
{
"version_value": "5.2.4"
},
{
"version_value": "5.3.5.1"
},
{
"version_value": "5.3.2.4"
},
{
"version_value": "6.0"
},
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.1"
},
{
"version_value": "5.1.10"
},
{
"version_value": "5.1.5"
},
{
"version_value": "5.1.6"
},
{
"version_value": "5.1.7"
},
{
"version_value": "5.1.9"
},
{
"version_value": "5.2.0"
},
{
"version_value": "5.2.1"
},
{
"version_value": "4.2.2"
},
{
"version_value": "4.2.3"
},
{
"version_value": "4.2.4"
},
{
"version_value": "5.2.2"
},
{
"version_value": "5.3"
},
{
"version_value": "5.2 Client"
},
{
"version_value": "5.4 Client"
},
{
"version_value": "5.5.7"
},
{
"version_value": "5.2.3.4 Client"
},
{
"version_value": "5.5.1.0"
},
{
"version_value": "5.5.1.6"
},
{
"version_value": "5.4"
},
{
"version_value": "5.5"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
},
{
"version_value": "6.4"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998946",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8940",
"datePublished": "2017-03-07T17:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}