CVE-2016-3059

MEDIUM

IBM Tivoli Storage Flashcopy Manager ... - Information Disclosure

Title source: rule

Description

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.

References (2)

[Mitigation, Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21987333

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036488

Scores

CVSS v3 6.2

EPSS 0.0006

EPSS Percentile 17.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (2)

ibm/tivoli_storage_flashcopy_manager_for_sql_server < 3.1.1.6

ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server < 6.3.1.8

Timeline

Published Aug 08, 2016

Tracked Since Feb 18, 2026