Search

Find a vulnerability

Search criteria

    98 vulnerabilities found for tivoli_storage_manager by ibm

    CVE-2020-28198 (GCVE-0-2020-28198)

    Vulnerability from nvd – Published: 2021-05-06 19:25 – Updated: 2024-08-04 16:33 Unsupported When Assigned
    VLAI
    Summary
    The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Date Public
    2020-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-28198",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-26T20:28:19.255372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-26T20:28:28.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:57.929Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-06T19:25:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-28198",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** UNSUPPORTED WHEN ASSIGNED ** The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py",
                  "refsource": "MISC",
                  "url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
                },
                {
                  "name": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager",
                  "refsource": "MISC",
                  "url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-28198",
        "datePublished": "2021-05-06T19:25:28.000Z",
        "dateReserved": "2020-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:33:57.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1786 (GCVE-0-2018-1786)

    Vulnerability from nvd – Published: 2018-11-12 16:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2018-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:07:44.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-tivoli-cve20181786-dos(148871)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
              },
              {
                "name": "105940",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105940"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-16T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-tivoli-cve20181786-dos(148871)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
            },
            {
              "name": "105940",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105940"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-11-08T00:00:00",
              "ID": "CVE-2018-1786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-tivoli-cve20181786-dos(148871)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10738765",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
                },
                {
                  "name": "105940",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105940"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1786",
        "datePublished": "2018-11-12T16:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:42.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1550 (GCVE-0-2018-1550)

    Vulnerability from nvd – Published: 2018-09-26 15:00 – Updated: 2024-09-16 22:50
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2018-09-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:07:43.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-tivoli-cve20181550-dos(142696)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2018-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-26T14:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-tivoli-cve20181550-dos(142696)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-09-24T00:00:00",
              "ID": "CVE-2018-1550",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "L",
                  "C": "N",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-tivoli-cve20181550-dos(142696)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10719401",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1550",
        "datePublished": "2018-09-26T15:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:50:57.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1378 (GCVE-0-2017-1378)

    Vulnerability from nvd – Published: 2017-10-05 17:00 – Updated: 2024-09-17 01:46
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect for Virtual Environments",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-05T16:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00",
              "ID": "CVE-2017-1378",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect for Virtual Environments",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006215",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1378",
        "datePublished": "2017-10-05T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:46:09.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1339 (GCVE-0-2017-1339)

    Vulnerability from nvd – Published: 2017-10-05 17:00 – Updated: 2024-09-16 17:34
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101113",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101113"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
              },
              {
                "name": "1039498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039498"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-06T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "101113",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101113"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
            },
            {
              "name": "1039498",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039498"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00",
              "ID": "CVE-2017-1339",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101113",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101113"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22007936",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
                },
                {
                  "name": "1039498",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039498"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1339",
        "datePublished": "2017-10-05T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:34:11.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1301 (GCVE-0-2017-1301)

    Vulnerability from nvd – Published: 2017-10-05 17:00 – Updated: 2024-09-17 01:56
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
              },
              {
                "name": "101107",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101107"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-06T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
            },
            {
              "name": "101107",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101107"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00",
              "ID": "CVE-2017-1301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006248",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
                },
                {
                  "name": "101107",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101107"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1301",
        "datePublished": "2017-10-05T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:53.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8937 (GCVE-0-2016-8937)

    Vulnerability from nvd – Published: 2017-10-05 17:00 – Updated: 2024-09-16 16:53
    VLAI
    Summary
    The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-05T16:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00",
              "ID": "CVE-2016-8937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22007935",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8937",
        "datePublished": "2017-10-05T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:53:53.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8939 (GCVE-0-2016-8939)

    Vulnerability from nvd – Published: 2017-06-07 17:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2017-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://improsec.com/blog/vulnerability-in-tsm"
              },
              {
                "name": "1038607",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038607"
              },
              {
                "name": "98783",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98783"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-15T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://improsec.com/blog/vulnerability-in-tsm"
            },
            {
              "name": "1038607",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038607"
            },
            {
              "name": "98783",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98783"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://improsec.com/blog/vulnerability-in-tsm",
                  "refsource": "MISC",
                  "url": "https://improsec.com/blog/vulnerability-in-tsm"
                },
                {
                  "name": "1038607",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038607"
                },
                {
                  "name": "98783",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98783"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22003738",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8939",
        "datePublished": "2017-06-07T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8916 (GCVE-0-2016-8916)

    Vulnerability from nvd – Published: 2017-05-05 19:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2017-05-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
              },
              {
                "name": "98335",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98335"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-09T09:57:02.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
            },
            {
              "name": "98335",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98335"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8916",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21998166",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
                },
                {
                  "name": "98335",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98335"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8916",
        "datePublished": "2017-05-05T19:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8940 (GCVE-0-2016-8940)

    Vulnerability from nvd – Published: 2017-03-07 17:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Affected: 5.3.5.3
    Affected: 5.4.1.2
    Affected: 4.2
    Affected: 4.2.1
    Affected: 5.1.8
    Affected: 5.2.5.1
    Affected: 5.2.7
    Affected: 5.2.8
    Affected: 5.2.9
    Affected: 5.3.0
    Affected: 5.3.1
    Affected: 5.3.2
    Affected: 5.3.3
    Affected: 5.4.4.0
    Affected: 5.4.2.4
    Affected: 5.4.2.3
    Affected: 5.4.2.2
    Affected: 5.3.6.9
    Affected: 5.3.6.2
    Affected: 5.3.6.1
    Affected: 5.3.4
    Affected: 5.2.5.3
    Affected: 5.2.5.2
    Affected: 5.2.4
    Affected: 5.3.5.1
    Affected: 5.3.2.4
    Affected: 6.0
    Affected: 5.1.0
    Affected: 5.1.1
    Affected: 5.1.10
    Affected: 5.1.5
    Affected: 5.1.6
    Affected: 5.1.7
    Affected: 5.1.9
    Affected: 5.2.0
    Affected: 5.2.1
    Affected: 4.2.2
    Affected: 4.2.3
    Affected: 4.2.4
    Affected: 5.2.2
    Affected: 5.3
    Affected: 5.2 Client
    Affected: 5.4 Client
    Affected: 5.5.7
    Affected: 5.2.3.4 Client
    Affected: 5.5.1.0
    Affected: 5.5.1.6
    Affected: 5.4
    Affected: 5.5
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Affected: 6.4
    Affected: 7.1
    Create a notification for this product.
    Date Public
    2017-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.1.2"
                },
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.2.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "status": "affected",
                  "version": "5.3.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.4.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.3.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.9"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                },
                {
                  "status": "affected",
                  "version": "4.2.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.3"
                },
                {
                  "status": "affected",
                  "version": "4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2 Client"
                },
                {
                  "status": "affected",
                  "version": "5.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.3.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.4"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "datePublic": "2017-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-07T16:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8940",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.5.3"
                              },
                              {
                                "version_value": "5.4.1.2"
                              },
                              {
                                "version_value": "4.2"
                              },
                              {
                                "version_value": "4.2.1"
                              },
                              {
                                "version_value": "5.1.8"
                              },
                              {
                                "version_value": "5.2.5.1"
                              },
                              {
                                "version_value": "5.2.7"
                              },
                              {
                                "version_value": "5.2.8"
                              },
                              {
                                "version_value": "5.2.9"
                              },
                              {
                                "version_value": "5.3.0"
                              },
                              {
                                "version_value": "5.3.1"
                              },
                              {
                                "version_value": "5.3.2"
                              },
                              {
                                "version_value": "5.3.3"
                              },
                              {
                                "version_value": "5.4.4.0"
                              },
                              {
                                "version_value": "5.4.2.4"
                              },
                              {
                                "version_value": "5.4.2.3"
                              },
                              {
                                "version_value": "5.4.2.2"
                              },
                              {
                                "version_value": "5.3.6.9"
                              },
                              {
                                "version_value": "5.3.6.2"
                              },
                              {
                                "version_value": "5.3.6.1"
                              },
                              {
                                "version_value": "5.3.4"
                              },
                              {
                                "version_value": "5.2.5.3"
                              },
                              {
                                "version_value": "5.2.5.2"
                              },
                              {
                                "version_value": "5.2.4"
                              },
                              {
                                "version_value": "5.3.5.1"
                              },
                              {
                                "version_value": "5.3.2.4"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.1"
                              },
                              {
                                "version_value": "5.1.10"
                              },
                              {
                                "version_value": "5.1.5"
                              },
                              {
                                "version_value": "5.1.6"
                              },
                              {
                                "version_value": "5.1.7"
                              },
                              {
                                "version_value": "5.1.9"
                              },
                              {
                                "version_value": "5.2.0"
                              },
                              {
                                "version_value": "5.2.1"
                              },
                              {
                                "version_value": "4.2.2"
                              },
                              {
                                "version_value": "4.2.3"
                              },
                              {
                                "version_value": "4.2.4"
                              },
                              {
                                "version_value": "5.2.2"
                              },
                              {
                                "version_value": "5.3"
                              },
                              {
                                "version_value": "5.2 Client"
                              },
                              {
                                "version_value": "5.4 Client"
                              },
                              {
                                "version_value": "5.5.7"
                              },
                              {
                                "version_value": "5.2.3.4 Client"
                              },
                              {
                                "version_value": "5.5.1.0"
                              },
                              {
                                "version_value": "5.5.1.6"
                              },
                              {
                                "version_value": "5.4"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              },
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21998946",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8940",
        "datePublished": "2017-03-07T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8998 (GCVE-0-2016-8998)

    Vulnerability from nvd – Published: 2017-02-24 18:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2017-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96443"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "datePublic": "2017-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-01T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "96443",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96443"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8998",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96443",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96443"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21998747",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8998",
        "datePublished": "2017-02-24T18:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6110 (GCVE-0-2016-6110)

    Vulnerability from nvd – Published: 2017-02-01 22:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Affected: 5.3.5.3
    Affected: 5.4.1.2
    Affected: 4.2
    Affected: 4.2.1
    Affected: 5.1.8
    Affected: 5.2.5.1
    Affected: 5.2.7
    Affected: 5.2.8
    Affected: 5.2.9
    Affected: 5.3.0
    Affected: 5.3.1
    Affected: 5.3.2
    Affected: 5.3.3
    Affected: 5.4.4.0
    Affected: 5.4.2.4
    Affected: 5.4.2.3
    Affected: 5.4.2.2
    Affected: 5.3.6.9
    Affected: 5.3.6.2
    Affected: 5.3.6.1
    Affected: 5.3.4
    Affected: 5.2.5.3
    Affected: 5.2.5.2
    Affected: 5.2.4
    Affected: 5.3.5.1
    Affected: 5.3.2.4
    Affected: 6.0
    Affected: 5.1.0
    Affected: 5.1.1
    Affected: 5.1.10
    Affected: 5.1.5
    Affected: 5.1.6
    Affected: 5.1.7
    Affected: 5.1.9
    Affected: 5.2.0
    Affected: 5.2.1
    Affected: 4.2.2
    Affected: 4.2.3
    Affected: 4.2.4
    Affected: 5.2.2
    Affected: 5.3
    Affected: 5.2 Client
    Affected: 5.4 Client
    Affected: 5.5.7
    Affected: 5.2.3.4 Client
    Affected: 5.5.1.0
    Affected: 5.5.1.6
    Affected: 5.4
    Affected: 5.5
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Affected: 6.4
    Affected: 7.1
    Create a notification for this product.
    Date Public
    2017-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:19.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
              },
              {
                "name": "95306",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95306"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.1.2"
                },
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.2.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "status": "affected",
                  "version": "5.3.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.4.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.3.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.9"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                },
                {
                  "status": "affected",
                  "version": "4.2.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.3"
                },
                {
                  "status": "affected",
                  "version": "4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2 Client"
                },
                {
                  "status": "affected",
                  "version": "5.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.3.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.4"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "datePublic": "2017-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-24T17:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
            },
            {
              "name": "95306",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95306"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-6110",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.5.3"
                              },
                              {
                                "version_value": "5.4.1.2"
                              },
                              {
                                "version_value": "4.2"
                              },
                              {
                                "version_value": "4.2.1"
                              },
                              {
                                "version_value": "5.1.8"
                              },
                              {
                                "version_value": "5.2.5.1"
                              },
                              {
                                "version_value": "5.2.7"
                              },
                              {
                                "version_value": "5.2.8"
                              },
                              {
                                "version_value": "5.2.9"
                              },
                              {
                                "version_value": "5.3.0"
                              },
                              {
                                "version_value": "5.3.1"
                              },
                              {
                                "version_value": "5.3.2"
                              },
                              {
                                "version_value": "5.3.3"
                              },
                              {
                                "version_value": "5.4.4.0"
                              },
                              {
                                "version_value": "5.4.2.4"
                              },
                              {
                                "version_value": "5.4.2.3"
                              },
                              {
                                "version_value": "5.4.2.2"
                              },
                              {
                                "version_value": "5.3.6.9"
                              },
                              {
                                "version_value": "5.3.6.2"
                              },
                              {
                                "version_value": "5.3.6.1"
                              },
                              {
                                "version_value": "5.3.4"
                              },
                              {
                                "version_value": "5.2.5.3"
                              },
                              {
                                "version_value": "5.2.5.2"
                              },
                              {
                                "version_value": "5.2.4"
                              },
                              {
                                "version_value": "5.3.5.1"
                              },
                              {
                                "version_value": "5.3.2.4"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.1"
                              },
                              {
                                "version_value": "5.1.10"
                              },
                              {
                                "version_value": "5.1.5"
                              },
                              {
                                "version_value": "5.1.6"
                              },
                              {
                                "version_value": "5.1.7"
                              },
                              {
                                "version_value": "5.1.9"
                              },
                              {
                                "version_value": "5.2.0"
                              },
                              {
                                "version_value": "5.2.1"
                              },
                              {
                                "version_value": "4.2.2"
                              },
                              {
                                "version_value": "4.2.3"
                              },
                              {
                                "version_value": "4.2.4"
                              },
                              {
                                "version_value": "5.2.2"
                              },
                              {
                                "version_value": "5.3"
                              },
                              {
                                "version_value": "5.2 Client"
                              },
                              {
                                "version_value": "5.4 Client"
                              },
                              {
                                "version_value": "5.5.7"
                              },
                              {
                                "version_value": "5.2.3.4 Client"
                              },
                              {
                                "version_value": "5.5.1.0"
                              },
                              {
                                "version_value": "5.5.1.6"
                              },
                              {
                                "version_value": "5.4"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              },
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21996198",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
                },
                {
                  "name": "95306",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95306"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6110",
        "datePublished": "2017-02-01T22:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:19.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-0371 (GCVE-0-2016-0371)

    Vulnerability from nvd – Published: 2017-02-01 21:00 – Updated: 2024-08-05 22:15
    VLAI
    Summary
    The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Affected: 5.3.5.3
    Affected: 5.4.1.2
    Affected: 4.2
    Affected: 4.2.1
    Affected: 5.1.8
    Affected: 5.2.5.1
    Affected: 5.2.7
    Affected: 5.2.8
    Affected: 5.2.9
    Affected: 5.3.0
    Affected: 5.3.1
    Affected: 5.3.2
    Affected: 5.3.3
    Affected: 5.4.4.0
    Affected: 5.4.2.4
    Affected: 5.4.2.3
    Affected: 5.4.2.2
    Affected: 5.3.6.9
    Affected: 5.3.6.2
    Affected: 5.3.6.1
    Affected: 5.3.4
    Affected: 5.2.5.3
    Affected: 5.2.5.2
    Affected: 5.2.4
    Affected: 5.3.5.1
    Affected: 5.3.2.4
    Affected: 6.0
    Affected: 5.1.0
    Affected: 5.1.1
    Affected: 5.1.10
    Affected: 5.1.5
    Affected: 5.1.6
    Affected: 5.1.7
    Affected: 5.1.9
    Affected: 5.2.0
    Affected: 5.2.1
    Affected: 4.2.2
    Affected: 4.2.3
    Affected: 4.2.4
    Affected: 5.2.2
    Affected: 5.3
    Affected: 5.2 Client
    Affected: 5.4 Client
    Affected: 5.5.7
    Affected: 5.2.3.4 Client
    Affected: 5.5.1.0
    Affected: 5.5.1.6
    Affected: 5.4
    Affected: 5.5
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Affected: 6.4
    Affected: 7.1
    Create a notification for this product.
    Date Public
    2017-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:15:24.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94148"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.1.2"
                },
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.2.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "status": "affected",
                  "version": "5.3.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.4.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.3.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.9"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                },
                {
                  "status": "affected",
                  "version": "4.2.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.3"
                },
                {
                  "status": "affected",
                  "version": "4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2 Client"
                },
                {
                  "status": "affected",
                  "version": "5.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.3.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.4"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "94148",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94148"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-0371",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.5.3"
                              },
                              {
                                "version_value": "5.4.1.2"
                              },
                              {
                                "version_value": "4.2"
                              },
                              {
                                "version_value": "4.2.1"
                              },
                              {
                                "version_value": "5.1.8"
                              },
                              {
                                "version_value": "5.2.5.1"
                              },
                              {
                                "version_value": "5.2.7"
                              },
                              {
                                "version_value": "5.2.8"
                              },
                              {
                                "version_value": "5.2.9"
                              },
                              {
                                "version_value": "5.3.0"
                              },
                              {
                                "version_value": "5.3.1"
                              },
                              {
                                "version_value": "5.3.2"
                              },
                              {
                                "version_value": "5.3.3"
                              },
                              {
                                "version_value": "5.4.4.0"
                              },
                              {
                                "version_value": "5.4.2.4"
                              },
                              {
                                "version_value": "5.4.2.3"
                              },
                              {
                                "version_value": "5.4.2.2"
                              },
                              {
                                "version_value": "5.3.6.9"
                              },
                              {
                                "version_value": "5.3.6.2"
                              },
                              {
                                "version_value": "5.3.6.1"
                              },
                              {
                                "version_value": "5.3.4"
                              },
                              {
                                "version_value": "5.2.5.3"
                              },
                              {
                                "version_value": "5.2.5.2"
                              },
                              {
                                "version_value": "5.2.4"
                              },
                              {
                                "version_value": "5.3.5.1"
                              },
                              {
                                "version_value": "5.3.2.4"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.1"
                              },
                              {
                                "version_value": "5.1.10"
                              },
                              {
                                "version_value": "5.1.5"
                              },
                              {
                                "version_value": "5.1.6"
                              },
                              {
                                "version_value": "5.1.7"
                              },
                              {
                                "version_value": "5.1.9"
                              },
                              {
                                "version_value": "5.2.0"
                              },
                              {
                                "version_value": "5.2.1"
                              },
                              {
                                "version_value": "4.2.2"
                              },
                              {
                                "version_value": "4.2.3"
                              },
                              {
                                "version_value": "4.2.4"
                              },
                              {
                                "version_value": "5.2.2"
                              },
                              {
                                "version_value": "5.3"
                              },
                              {
                                "version_value": "5.2 Client"
                              },
                              {
                                "version_value": "5.4 Client"
                              },
                              {
                                "version_value": "5.5.7"
                              },
                              {
                                "version_value": "5.2.3.4 Client"
                              },
                              {
                                "version_value": "5.5.1.0"
                              },
                              {
                                "version_value": "5.5.1.6"
                              },
                              {
                                "version_value": "5.4"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              },
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94148",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94148"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-0371",
        "datePublished": "2017-02-01T21:00:00.000Z",
        "dateReserved": "2015-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:15:24.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6046 (GCVE-0-2016-6046)

    Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Extended Edition Affected: 6.4
    Affected: 7.1
    Affected: 7.1.1
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Create a notification for this product.
    Date Public
    2017-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:19.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "95093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95093"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager Extended Edition",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "95093",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95093"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-6046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager Extended Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "7.1.1"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "95093",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95093"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6046",
        "datePublished": "2017-02-01T20:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:19.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6045 (GCVE-0-2016-6045)

    Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Extended Edition Affected: 6.4
    Affected: 7.1
    Affected: 7.1.1
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Create a notification for this product.
    Date Public
    2017-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:20.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
              },
              {
                "name": "95087",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95087"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager Extended Edition",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
            },
            {
              "name": "95087",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95087"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-6045",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager Extended Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "7.1.1"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
                },
                {
                  "name": "95087",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95087"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6045",
        "datePublished": "2017-02-01T20:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:20.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6044 (GCVE-0-2016-6044)

    Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.
    Severity
    No CVSS data available.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Extended Edition Affected: 6.4
    Affected: 7.1
    Affected: 7.1.1
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Create a notification for this product.
    Date Public
    2017-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:18.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "95091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95091"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager Extended Edition",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application\u0027s REST API, which may let the attacker violate security policy."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "95091",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95091"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-6044",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager Extended Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "7.1.1"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application\u0027s REST API, which may let the attacker violate security policy."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "95091",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95091"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6044",
        "datePublished": "2017-02-01T20:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:18.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6043 (GCVE-0-2016-6043)

    Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.
    Severity
    No CVSS data available.
    CWE
    • Bypass Security
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Extended Edition Affected: 6.4
    Affected: 7.1
    Affected: 7.1.1
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Create a notification for this product.
    Date Public
    2017-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:18.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
              },
              {
                "name": "95090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95090"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager Extended Edition",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Bypass Security",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
            },
            {
              "name": "95090",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95090"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-6043",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager Extended Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "7.1.1"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Bypass Security"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
                },
                {
                  "name": "95090",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95090"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6043",
        "datePublished": "2017-02-01T20:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:18.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-28198 (GCVE-0-2020-28198)

    Vulnerability from cvelistv5 – Published: 2021-05-06 19:25 – Updated: 2024-08-04 16:33 Unsupported When Assigned
    VLAI
    Summary
    The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Date Public
    2020-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-28198",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-26T20:28:19.255372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-26T20:28:28.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:33:57.929Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-06T19:25:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-28198",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** UNSUPPORTED WHEN ASSIGNED ** The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py",
                  "refsource": "MISC",
                  "url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
                },
                {
                  "name": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager",
                  "refsource": "MISC",
                  "url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-28198",
        "datePublished": "2021-05-06T19:25:28.000Z",
        "dateReserved": "2020-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:33:57.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1786 (GCVE-0-2018-1786)

    Vulnerability from cvelistv5 – Published: 2018-11-12 16:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2018-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:07:44.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-tivoli-cve20181786-dos(148871)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
              },
              {
                "name": "105940",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105940"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-16T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-tivoli-cve20181786-dos(148871)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
            },
            {
              "name": "105940",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105940"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-11-08T00:00:00",
              "ID": "CVE-2018-1786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-tivoli-cve20181786-dos(148871)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10738765",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
                },
                {
                  "name": "105940",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105940"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1786",
        "datePublished": "2018-11-12T16:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:42.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1550 (GCVE-0-2018-1550)

    Vulnerability from cvelistv5 – Published: 2018-09-26 15:00 – Updated: 2024-09-16 22:50
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2018-09-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:07:43.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-tivoli-cve20181550-dos(142696)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2018-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-26T14:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-tivoli-cve20181550-dos(142696)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-09-24T00:00:00",
              "ID": "CVE-2018-1550",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "L",
                  "C": "N",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-tivoli-cve20181550-dos(142696)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10719401",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1550",
        "datePublished": "2018-09-26T15:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:50:57.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1378 (GCVE-0-2017-1378)

    Vulnerability from cvelistv5 – Published: 2017-10-05 17:00 – Updated: 2024-09-17 01:46
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect for Virtual Environments",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-05T16:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00",
              "ID": "CVE-2017-1378",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect for Virtual Environments",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006215",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1378",
        "datePublished": "2017-10-05T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:46:09.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8937 (GCVE-0-2016-8937)

    Vulnerability from cvelistv5 – Published: 2017-10-05 17:00 – Updated: 2024-09-16 16:53
    VLAI
    Summary
    The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-05T16:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00",
              "ID": "CVE-2016-8937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22007935",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8937",
        "datePublished": "2017-10-05T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:53:53.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1339 (GCVE-0-2017-1339)

    Vulnerability from cvelistv5 – Published: 2017-10-05 17:00 – Updated: 2024-09-16 17:34
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101113",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101113"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
              },
              {
                "name": "1039498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039498"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-06T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "101113",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101113"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
            },
            {
              "name": "1039498",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039498"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00",
              "ID": "CVE-2017-1339",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101113",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101113"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22007936",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
                },
                {
                  "name": "1039498",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039498"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1339",
        "datePublished": "2017-10-05T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:34:11.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1301 (GCVE-0-2017-1301)

    Vulnerability from cvelistv5 – Published: 2017-10-05 17:00 – Updated: 2024-09-17 01:56
    VLAI
    Summary
    IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
              },
              {
                "name": "101107",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101107"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-06T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
            },
            {
              "name": "101107",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101107"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00",
              "ID": "CVE-2017-1301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006248",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
                },
                {
                  "name": "101107",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101107"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1301",
        "datePublished": "2017-10-05T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:53.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8939 (GCVE-0-2016-8939)

    Vulnerability from cvelistv5 – Published: 2017-06-07 17:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2017-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://improsec.com/blog/vulnerability-in-tsm"
              },
              {
                "name": "1038607",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038607"
              },
              {
                "name": "98783",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98783"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-15T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://improsec.com/blog/vulnerability-in-tsm"
            },
            {
              "name": "1038607",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038607"
            },
            {
              "name": "98783",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98783"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://improsec.com/blog/vulnerability-in-tsm",
                  "refsource": "MISC",
                  "url": "https://improsec.com/blog/vulnerability-in-tsm"
                },
                {
                  "name": "1038607",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038607"
                },
                {
                  "name": "98783",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98783"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22003738",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8939",
        "datePublished": "2017-06-07T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8916 (GCVE-0-2016-8916)

    Vulnerability from cvelistv5 – Published: 2017-05-05 19:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2017-05-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
              },
              {
                "name": "98335",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98335"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-09T09:57:02.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
            },
            {
              "name": "98335",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98335"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8916",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21998166",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
                },
                {
                  "name": "98335",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98335"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8916",
        "datePublished": "2017-05-05T19:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8940 (GCVE-0-2016-8940)

    Vulnerability from cvelistv5 – Published: 2017-03-07 17:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Affected: 5.3.5.3
    Affected: 5.4.1.2
    Affected: 4.2
    Affected: 4.2.1
    Affected: 5.1.8
    Affected: 5.2.5.1
    Affected: 5.2.7
    Affected: 5.2.8
    Affected: 5.2.9
    Affected: 5.3.0
    Affected: 5.3.1
    Affected: 5.3.2
    Affected: 5.3.3
    Affected: 5.4.4.0
    Affected: 5.4.2.4
    Affected: 5.4.2.3
    Affected: 5.4.2.2
    Affected: 5.3.6.9
    Affected: 5.3.6.2
    Affected: 5.3.6.1
    Affected: 5.3.4
    Affected: 5.2.5.3
    Affected: 5.2.5.2
    Affected: 5.2.4
    Affected: 5.3.5.1
    Affected: 5.3.2.4
    Affected: 6.0
    Affected: 5.1.0
    Affected: 5.1.1
    Affected: 5.1.10
    Affected: 5.1.5
    Affected: 5.1.6
    Affected: 5.1.7
    Affected: 5.1.9
    Affected: 5.2.0
    Affected: 5.2.1
    Affected: 4.2.2
    Affected: 4.2.3
    Affected: 4.2.4
    Affected: 5.2.2
    Affected: 5.3
    Affected: 5.2 Client
    Affected: 5.4 Client
    Affected: 5.5.7
    Affected: 5.2.3.4 Client
    Affected: 5.5.1.0
    Affected: 5.5.1.6
    Affected: 5.4
    Affected: 5.5
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Affected: 6.4
    Affected: 7.1
    Create a notification for this product.
    Date Public
    2017-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.1.2"
                },
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.2.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "status": "affected",
                  "version": "5.3.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.4.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.3.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.9"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                },
                {
                  "status": "affected",
                  "version": "4.2.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.3"
                },
                {
                  "status": "affected",
                  "version": "4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2 Client"
                },
                {
                  "status": "affected",
                  "version": "5.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.3.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.4"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "datePublic": "2017-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-07T16:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8940",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.5.3"
                              },
                              {
                                "version_value": "5.4.1.2"
                              },
                              {
                                "version_value": "4.2"
                              },
                              {
                                "version_value": "4.2.1"
                              },
                              {
                                "version_value": "5.1.8"
                              },
                              {
                                "version_value": "5.2.5.1"
                              },
                              {
                                "version_value": "5.2.7"
                              },
                              {
                                "version_value": "5.2.8"
                              },
                              {
                                "version_value": "5.2.9"
                              },
                              {
                                "version_value": "5.3.0"
                              },
                              {
                                "version_value": "5.3.1"
                              },
                              {
                                "version_value": "5.3.2"
                              },
                              {
                                "version_value": "5.3.3"
                              },
                              {
                                "version_value": "5.4.4.0"
                              },
                              {
                                "version_value": "5.4.2.4"
                              },
                              {
                                "version_value": "5.4.2.3"
                              },
                              {
                                "version_value": "5.4.2.2"
                              },
                              {
                                "version_value": "5.3.6.9"
                              },
                              {
                                "version_value": "5.3.6.2"
                              },
                              {
                                "version_value": "5.3.6.1"
                              },
                              {
                                "version_value": "5.3.4"
                              },
                              {
                                "version_value": "5.2.5.3"
                              },
                              {
                                "version_value": "5.2.5.2"
                              },
                              {
                                "version_value": "5.2.4"
                              },
                              {
                                "version_value": "5.3.5.1"
                              },
                              {
                                "version_value": "5.3.2.4"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.1"
                              },
                              {
                                "version_value": "5.1.10"
                              },
                              {
                                "version_value": "5.1.5"
                              },
                              {
                                "version_value": "5.1.6"
                              },
                              {
                                "version_value": "5.1.7"
                              },
                              {
                                "version_value": "5.1.9"
                              },
                              {
                                "version_value": "5.2.0"
                              },
                              {
                                "version_value": "5.2.1"
                              },
                              {
                                "version_value": "4.2.2"
                              },
                              {
                                "version_value": "4.2.3"
                              },
                              {
                                "version_value": "4.2.4"
                              },
                              {
                                "version_value": "5.2.2"
                              },
                              {
                                "version_value": "5.3"
                              },
                              {
                                "version_value": "5.2 Client"
                              },
                              {
                                "version_value": "5.4 Client"
                              },
                              {
                                "version_value": "5.5.7"
                              },
                              {
                                "version_value": "5.2.3.4 Client"
                              },
                              {
                                "version_value": "5.5.1.0"
                              },
                              {
                                "version_value": "5.5.1.6"
                              },
                              {
                                "version_value": "5.4"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              },
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21998946",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8940",
        "datePublished": "2017-03-07T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8998 (GCVE-0-2016-8998)

    Vulnerability from cvelistv5 – Published: 2017-02-24 18:00 – Updated: 2024-08-06 02:35
    VLAI
    Summary
    IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2017-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96443"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "datePublic": "2017-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-01T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "96443",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96443"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-8998",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96443",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96443"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21998747",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8998",
        "datePublished": "2017-02-24T18:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:35:02.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6110 (GCVE-0-2016-6110)

    Vulnerability from cvelistv5 – Published: 2017-02-01 22:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Affected: 5.3.5.3
    Affected: 5.4.1.2
    Affected: 4.2
    Affected: 4.2.1
    Affected: 5.1.8
    Affected: 5.2.5.1
    Affected: 5.2.7
    Affected: 5.2.8
    Affected: 5.2.9
    Affected: 5.3.0
    Affected: 5.3.1
    Affected: 5.3.2
    Affected: 5.3.3
    Affected: 5.4.4.0
    Affected: 5.4.2.4
    Affected: 5.4.2.3
    Affected: 5.4.2.2
    Affected: 5.3.6.9
    Affected: 5.3.6.2
    Affected: 5.3.6.1
    Affected: 5.3.4
    Affected: 5.2.5.3
    Affected: 5.2.5.2
    Affected: 5.2.4
    Affected: 5.3.5.1
    Affected: 5.3.2.4
    Affected: 6.0
    Affected: 5.1.0
    Affected: 5.1.1
    Affected: 5.1.10
    Affected: 5.1.5
    Affected: 5.1.6
    Affected: 5.1.7
    Affected: 5.1.9
    Affected: 5.2.0
    Affected: 5.2.1
    Affected: 4.2.2
    Affected: 4.2.3
    Affected: 4.2.4
    Affected: 5.2.2
    Affected: 5.3
    Affected: 5.2 Client
    Affected: 5.4 Client
    Affected: 5.5.7
    Affected: 5.2.3.4 Client
    Affected: 5.5.1.0
    Affected: 5.5.1.6
    Affected: 5.4
    Affected: 5.5
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Affected: 6.4
    Affected: 7.1
    Create a notification for this product.
    Date Public
    2017-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:19.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
              },
              {
                "name": "95306",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95306"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.1.2"
                },
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.2.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "status": "affected",
                  "version": "5.3.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.4.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.3.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.9"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                },
                {
                  "status": "affected",
                  "version": "4.2.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.3"
                },
                {
                  "status": "affected",
                  "version": "4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2 Client"
                },
                {
                  "status": "affected",
                  "version": "5.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.3.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.4"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "datePublic": "2017-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-24T17:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
            },
            {
              "name": "95306",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95306"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-6110",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.5.3"
                              },
                              {
                                "version_value": "5.4.1.2"
                              },
                              {
                                "version_value": "4.2"
                              },
                              {
                                "version_value": "4.2.1"
                              },
                              {
                                "version_value": "5.1.8"
                              },
                              {
                                "version_value": "5.2.5.1"
                              },
                              {
                                "version_value": "5.2.7"
                              },
                              {
                                "version_value": "5.2.8"
                              },
                              {
                                "version_value": "5.2.9"
                              },
                              {
                                "version_value": "5.3.0"
                              },
                              {
                                "version_value": "5.3.1"
                              },
                              {
                                "version_value": "5.3.2"
                              },
                              {
                                "version_value": "5.3.3"
                              },
                              {
                                "version_value": "5.4.4.0"
                              },
                              {
                                "version_value": "5.4.2.4"
                              },
                              {
                                "version_value": "5.4.2.3"
                              },
                              {
                                "version_value": "5.4.2.2"
                              },
                              {
                                "version_value": "5.3.6.9"
                              },
                              {
                                "version_value": "5.3.6.2"
                              },
                              {
                                "version_value": "5.3.6.1"
                              },
                              {
                                "version_value": "5.3.4"
                              },
                              {
                                "version_value": "5.2.5.3"
                              },
                              {
                                "version_value": "5.2.5.2"
                              },
                              {
                                "version_value": "5.2.4"
                              },
                              {
                                "version_value": "5.3.5.1"
                              },
                              {
                                "version_value": "5.3.2.4"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.1"
                              },
                              {
                                "version_value": "5.1.10"
                              },
                              {
                                "version_value": "5.1.5"
                              },
                              {
                                "version_value": "5.1.6"
                              },
                              {
                                "version_value": "5.1.7"
                              },
                              {
                                "version_value": "5.1.9"
                              },
                              {
                                "version_value": "5.2.0"
                              },
                              {
                                "version_value": "5.2.1"
                              },
                              {
                                "version_value": "4.2.2"
                              },
                              {
                                "version_value": "4.2.3"
                              },
                              {
                                "version_value": "4.2.4"
                              },
                              {
                                "version_value": "5.2.2"
                              },
                              {
                                "version_value": "5.3"
                              },
                              {
                                "version_value": "5.2 Client"
                              },
                              {
                                "version_value": "5.4 Client"
                              },
                              {
                                "version_value": "5.5.7"
                              },
                              {
                                "version_value": "5.2.3.4 Client"
                              },
                              {
                                "version_value": "5.5.1.0"
                              },
                              {
                                "version_value": "5.5.1.6"
                              },
                              {
                                "version_value": "5.4"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              },
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21996198",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
                },
                {
                  "name": "95306",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95306"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6110",
        "datePublished": "2017-02-01T22:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:19.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-0371 (GCVE-0-2016-0371)

    Vulnerability from cvelistv5 – Published: 2017-02-01 21:00 – Updated: 2024-08-05 22:15
    VLAI
    Summary
    The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Tivoli Storage Manager Affected: 5.3.5.3
    Affected: 5.4.1.2
    Affected: 4.2
    Affected: 4.2.1
    Affected: 5.1.8
    Affected: 5.2.5.1
    Affected: 5.2.7
    Affected: 5.2.8
    Affected: 5.2.9
    Affected: 5.3.0
    Affected: 5.3.1
    Affected: 5.3.2
    Affected: 5.3.3
    Affected: 5.4.4.0
    Affected: 5.4.2.4
    Affected: 5.4.2.3
    Affected: 5.4.2.2
    Affected: 5.3.6.9
    Affected: 5.3.6.2
    Affected: 5.3.6.1
    Affected: 5.3.4
    Affected: 5.2.5.3
    Affected: 5.2.5.2
    Affected: 5.2.4
    Affected: 5.3.5.1
    Affected: 5.3.2.4
    Affected: 6.0
    Affected: 5.1.0
    Affected: 5.1.1
    Affected: 5.1.10
    Affected: 5.1.5
    Affected: 5.1.6
    Affected: 5.1.7
    Affected: 5.1.9
    Affected: 5.2.0
    Affected: 5.2.1
    Affected: 4.2.2
    Affected: 4.2.3
    Affected: 4.2.4
    Affected: 5.2.2
    Affected: 5.3
    Affected: 5.2 Client
    Affected: 5.4 Client
    Affected: 5.5.7
    Affected: 5.2.3.4 Client
    Affected: 5.5.1.0
    Affected: 5.5.1.6
    Affected: 5.4
    Affected: 5.5
    Affected: 6.1
    Affected: 6.2
    Affected: 6.3
    Affected: 6.4
    Affected: 7.1
    Create a notification for this product.
    Date Public
    2017-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:15:24.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94148"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tivoli Storage Manager",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.1.2"
                },
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.2.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.8"
                },
                {
                  "status": "affected",
                  "version": "5.2.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "status": "affected",
                  "version": "5.3.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.4.0"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.3"
                },
                {
                  "status": "affected",
                  "version": "5.4.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.9"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.2"
                },
                {
                  "status": "affected",
                  "version": "5.3.6.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2.5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.3.5.1"
                },
                {
                  "status": "affected",
                  "version": "5.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.10"
                },
                {
                  "status": "affected",
                  "version": "5.1.5"
                },
                {
                  "status": "affected",
                  "version": "5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.1.7"
                },
                {
                  "status": "affected",
                  "version": "5.1.9"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                },
                {
                  "status": "affected",
                  "version": "4.2.2"
                },
                {
                  "status": "affected",
                  "version": "4.2.3"
                },
                {
                  "status": "affected",
                  "version": "4.2.4"
                },
                {
                  "status": "affected",
                  "version": "5.2.2"
                },
                {
                  "status": "affected",
                  "version": "5.3"
                },
                {
                  "status": "affected",
                  "version": "5.2 Client"
                },
                {
                  "status": "affected",
                  "version": "5.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.7"
                },
                {
                  "status": "affected",
                  "version": "5.2.3.4 Client"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.5.1.6"
                },
                {
                  "status": "affected",
                  "version": "5.4"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "94148",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94148"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-0371",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Tivoli Storage Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.3.5.3"
                              },
                              {
                                "version_value": "5.4.1.2"
                              },
                              {
                                "version_value": "4.2"
                              },
                              {
                                "version_value": "4.2.1"
                              },
                              {
                                "version_value": "5.1.8"
                              },
                              {
                                "version_value": "5.2.5.1"
                              },
                              {
                                "version_value": "5.2.7"
                              },
                              {
                                "version_value": "5.2.8"
                              },
                              {
                                "version_value": "5.2.9"
                              },
                              {
                                "version_value": "5.3.0"
                              },
                              {
                                "version_value": "5.3.1"
                              },
                              {
                                "version_value": "5.3.2"
                              },
                              {
                                "version_value": "5.3.3"
                              },
                              {
                                "version_value": "5.4.4.0"
                              },
                              {
                                "version_value": "5.4.2.4"
                              },
                              {
                                "version_value": "5.4.2.3"
                              },
                              {
                                "version_value": "5.4.2.2"
                              },
                              {
                                "version_value": "5.3.6.9"
                              },
                              {
                                "version_value": "5.3.6.2"
                              },
                              {
                                "version_value": "5.3.6.1"
                              },
                              {
                                "version_value": "5.3.4"
                              },
                              {
                                "version_value": "5.2.5.3"
                              },
                              {
                                "version_value": "5.2.5.2"
                              },
                              {
                                "version_value": "5.2.4"
                              },
                              {
                                "version_value": "5.3.5.1"
                              },
                              {
                                "version_value": "5.3.2.4"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.1"
                              },
                              {
                                "version_value": "5.1.10"
                              },
                              {
                                "version_value": "5.1.5"
                              },
                              {
                                "version_value": "5.1.6"
                              },
                              {
                                "version_value": "5.1.7"
                              },
                              {
                                "version_value": "5.1.9"
                              },
                              {
                                "version_value": "5.2.0"
                              },
                              {
                                "version_value": "5.2.1"
                              },
                              {
                                "version_value": "4.2.2"
                              },
                              {
                                "version_value": "4.2.3"
                              },
                              {
                                "version_value": "4.2.4"
                              },
                              {
                                "version_value": "5.2.2"
                              },
                              {
                                "version_value": "5.3"
                              },
                              {
                                "version_value": "5.2 Client"
                              },
                              {
                                "version_value": "5.4 Client"
                              },
                              {
                                "version_value": "5.5.7"
                              },
                              {
                                "version_value": "5.2.3.4 Client"
                              },
                              {
                                "version_value": "5.5.1.0"
                              },
                              {
                                "version_value": "5.5.1.6"
                              },
                              {
                                "version_value": "5.4"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.1"
                              },
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.3"
                              },
                              {
                                "version_value": "6.4"
                              },
                              {
                                "version_value": "7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94148",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94148"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-0371",
        "datePublished": "2017-02-01T21:00:00.000Z",
        "dateReserved": "2015-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:15:24.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }