CVE-2016-3059

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.3 through 6.3.1.7 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.4 through 6.4.1.9 Tivoli Storage FlashCopy Manager for Microsoft SQL Server versions 3.1 through 3.1.1.7 Tivoli Storage FlashCopy Manager for Microsoft SQL Server versions 3.2 through 3.2.1.9

Description The issue allows local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.

Recommendations For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.3 through 6.3.1.7, update to version 6.3.1.7 or later. For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.4 through 6.4.1.9, update to version 6.4.1.9 or later. For Tivoli Storage FlashCopy Manager for Microsoft SQL Server versions 3.1 through 3.1.1.7, update to version 3.1.1.7 or later. For Tivoli Storage FlashCopy Manager for Microsoft SQL Server versions 3.2 through 3.2.1.9, update to version 3.2.1.9 or later.