PT-2015-6733 · Microsoft+1 · Sql Server+4
Published
2015-08-23
·
Updated
2017-09-21
·
CVE-2015-4949
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 7.1 through 7.1.1
IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 7.1 through 7.1.1
Tivoli Storage FlashCopy Manager versions 4.1 through 4.1.1
Description
The issue allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, as cleartext passwords are placed in exception messages.
Recommendations
For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 7.1 through 7.1.1, update to version 7.1.2 or later.
For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 7.1 through 7.1.1, update to version 7.1.2 or later.
For Tivoli Storage FlashCopy Manager versions 4.1 through 4.1.1, update to version 4.1.2 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Tivoli Storage Manager For Databases: Data Protection For Microsoft Sql Server
Ibm Tivoli Storage Manager For Mail: Data Protection For Microsoft Exchange Server
Exchange Server
Sql Server
Ibm Tivoli Storage Flashcopy Manager