CVE-2015-4949

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 7.1 through 7.1.1 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 7.1 through 7.1.1 Tivoli Storage FlashCopy Manager versions 4.1 through 4.1.1

Description The issue allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, as cleartext passwords are placed in exception messages.

Recommendations For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 7.1 through 7.1.1, update to version 7.1.2 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 7.1 through 7.1.1, update to version 7.1.2 or later. For Tivoli Storage FlashCopy Manager versions 4.1 through 4.1.1, update to version 4.1.2 or later.