CVE-2015-6557
IBM Tivoli Storage FlashCopy Manager 3.1-3.1.1.4, 3.2-3.2.1.6, 4.1-4.1.1 Sensitive Info Exposure
Title source: llmDescription
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21963630
Scores
EPSS
0.0033
EPSS Percentile
24.8%
Details
CWE
CWE-200
Status
published
Products (31)
ibm/tivoli_storage_flashcopy_manager
3.1.0
ibm/tivoli_storage_flashcopy_manager
3.1.1
ibm/tivoli_storage_flashcopy_manager
3.2.0
ibm/tivoli_storage_flashcopy_manager
3.2.1
ibm/tivoli_storage_flashcopy_manager
4.1.0
ibm/tivoli_storage_flashcopy_manager
4.1.1
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.1
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.2
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.3
... and 21 more
Published
Aug 23, 2015
Tracked Since
Feb 18, 2026