PT-2017-9883 · IBM · IBM Tivoli Storage Manager

Kęstutis Gudinavičius · Published 2017-10-05 · Updated 2017-10-25 · CVE-2016-8937

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Tivoli Storage Manager versions 7.1 and 8.1

Description

The default authentication protocol of the IBM Tivoli Storage Manager is susceptible to a brute force attack due to the disclosure of excessive information during the authentication process. This could allow an attacker to obtain user or administrative access to the TSM server.

Recommendations

For versions 7.1 and 8.1, consider changing the default authentication protocol to a more secure alternative to mitigate the risk of brute force attacks. As a temporary workaround, restrict access to the TSM server and limit the number of authentication attempts to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2016-8937

Affected Products

IBM Tivoli Storage Manager