CVE-2015-7404

IBM Tivoli Storage Manager <5.5.6.2, <6.3.1.6, <6.4.1.8, <7.1.4 - S...

Title source: llm
STIX 2.1

Description

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21969514
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349

Scores

EPSS 0.0040
EPSS Percentile 32.1%

Details

CWE
CWE-200
Status published
Products (50)
ibm/tivoli_storage_flashcopy_manager 2.1.0
ibm/tivoli_storage_flashcopy_manager 2.2.0
ibm/tivoli_storage_flashcopy_manager 2.2.1
ibm/tivoli_storage_flashcopy_manager 3.1.0
ibm/tivoli_storage_flashcopy_manager 3.1.1
ibm/tivoli_storage_flashcopy_manager 3.2.0
ibm/tivoli_storage_flashcopy_manager 3.2.1
ibm/tivoli_storage_flashcopy_manager 4.1.0
ibm/tivoli_storage_flashcopy_manager 4.1.0.1
ibm/tivoli_storage_flashcopy_manager 6.1.3
... and 40 more
Published Nov 14, 2015
Tracked Since Feb 18, 2026