PT-2017-9885 · Ibm · Ibm Tivoli Storage Manager+1

Kęstutis Gudinavičius

Published

2017-03-07

Updated

2017-03-14

CVE-2016-8940

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager (IBM Spectrum Protect) versions 6.1 through 7.1

Description The issue arises from insufficient authority checking on SQL queries, allowing an attacker to access database tables not intended for administrative use. This access may lead to the exposure of passwords or other sensitive product information.

Recommendations For versions 6.1 through 7.1, apply the fix referenced by IBM to ensure proper authority checking on SQL queries, preventing unauthorized access to sensitive database tables.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-8940

Affected Products

Ibm Spectrum Protect

Ibm Tivoli Storage Manager

PT-2017-9885 · Ibm · Ibm Tivoli Storage Manager+1

CVE-2016-8940

Weakness Enumeration

Related Identifiers

Affected Products

References · 3