CVE-2015-7404

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 5.5 through 5.5.6.2 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.3 through 6.3.1.6 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.4 through 6.4.1.8 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions prior to 7.1.4 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 5.5 through 5.5.1.1 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.1 through 6.3.1.6 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.4 through 6.4.1.8 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions prior to 7.1.4 Tivoli Storage FlashCopy Manager for Windows versions 2.x through 3.1.1.6 Tivoli Storage FlashCopy Manager for Windows versions 3.2 through 3.2.1.8 Tivoli Storage FlashCopy Manager for Windows versions prior to 4.1.4

Description The issue allows local users to obtain sensitive information by reading the application trace output when application tracing is configured. This occurs because cleartext passwords are written during the execution of the changetsmpassword command.

Recommendations For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 5.5 through 5.5.6.2, update to version 5.5.6.2 or later. For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.3 through 6.3.1.6, update to version 6.3.1.6 or later. For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.4 through 6.4.1.8, update to version 6.4.1.8 or later. For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions prior to 7.1.4, update to version 7.1.4 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 5.5 through 5.5.1.1, update to version 5.5.1.1 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.1 through 6.3.1.6, update to version 6.3.1.6 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.4 through 6.4.1.8, update to version 6.4.1.8 or later. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions prior to 7.1.4, update to version 7.1.4 or later. For Tivoli Storage FlashCopy Manager for Windows versions 2.x through 3.1.1.6, update to version 3.1.1.6 or later. For Tivoli Storage FlashCopy Manager for Windows versions 3.2 through 3.2.1.8, update to version 3.2.1.8 or later. For Tivoli Storage FlashCopy Manager for Windows versions prior to 4.1.4, update to version 4.1.4 or later.