PT-2016-5347 · Ibm+1 · Ibm Tivoli Storage Manager For Databases: Data Protection For Microsoft Sql Server+2
Published
2016-08-08
·
Updated
2019-07-18
·
CVE-2016-3059
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.3 through 6.3.1.7
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.4 through 6.4.1.9
Tivoli Storage FlashCopy Manager for Microsoft SQL Server versions 3.1 through 3.1.1.7
Tivoli Storage FlashCopy Manager for Microsoft SQL Server versions 3.2 through 3.2.1.9
Description
The issue allows local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.
Recommendations
For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.3 through 6.3.1.7, update to version 6.3.1.7 or later.
For IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server versions 6.4 through 6.4.1.9, update to version 6.4.1.9 or later.
For Tivoli Storage FlashCopy Manager for Microsoft SQL Server versions 3.1 through 3.1.1.7, update to version 3.1.1.7 or later.
For Tivoli Storage FlashCopy Manager for Microsoft SQL Server versions 3.2 through 3.2.1.9, update to version 3.2.1.9 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Tivoli Storage Manager For Databases: Data Protection For Microsoft Sql Server
Sql Server
Tivoli Storage Flashcopy Manager For Microsoft Sql Server