CVE-2015-6557

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 5.5 through 5.5.6.1 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.3 through 6.3.1.5 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.4 through 6.4.1.7 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions prior to 7.1.2 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 5.5 through 5.5.1.1 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.1 through 6.1.3.7 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.3 through 6.3.1.5 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.4 through 6.4.1.7 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions prior to 7.1.2 IBM Tivoli Storage FlashCopy Manager versions 3.1 through 3.1.1.5 IBM Tivoli Storage FlashCopy Manager versions 3.2 through 3.2.1.7 IBM Tivoli Storage FlashCopy Manager versions prior to 4.1.2

Description The issue allows physically proximate attackers to obtain sensitive information by reading trace output when application tracing is used, as cleartext passwords are placed in exception messages.

Recommendations For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 5.5 through 5.5.6.1, update to version 5.5.6.1 or later. For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.3 through 6.3.1.5, update to version 6.3.1.5 or later. For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.4 through 6.4.1.7, update to version 6.4.1.7 or later. For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions prior to 7.1.2, update to version 7.1.2 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 5.5 through 5.5.1.1, update to version 5.5.1.1 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.1 through 6.1.3.7, update to version 6.1.3.7 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.3 through 6.3.1.5, update to version 6.3.1.5 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.4 through 6.4.1.7, update to version 6.4.1.7 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions prior to 7.1.2, update to version 7.1.2 or later. For IBM Tivoli Storage FlashCopy Manager versions 3.1 through 3.1.1.5, update to version 3.1.1.5 or later. For IBM Tivoli Storage FlashCopy Manager versions 3.2 through 3.2.1.7, update to version 3.2.1.7 or later. For IBM Tivoli Storage FlashCopy Manager versions prior to 4.1.2, update to version 4.1.2 or later.