CVE-2015-6557

IBM Tivoli Storage FlashCopy Manager 3.1-3.1.1.4, 3.2-3.2.1.6, 4.1-4.1.1 Sensitive Info Exposure

Title source: llm
STIX 2.1

Description

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21963630

Scores

EPSS 0.0033
EPSS Percentile 24.8%

Details

CWE
CWE-200
Status published
Products (31)
ibm/tivoli_storage_flashcopy_manager 3.1.0
ibm/tivoli_storage_flashcopy_manager 3.1.1
ibm/tivoli_storage_flashcopy_manager 3.2.0
ibm/tivoli_storage_flashcopy_manager 3.2.1
ibm/tivoli_storage_flashcopy_manager 4.1.0
ibm/tivoli_storage_flashcopy_manager 4.1.1
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server 5.5
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server 5.5.1
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server 5.5.2
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server 5.5.3
... and 21 more
Published Aug 23, 2015
Tracked Since Feb 18, 2026