CVE-2016-3059
MEDIUMIBM Tivoli Storage Flashcopy Manager ... - Information Disclosure
Title source: ruleDescription
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.
References (2)
Core 2
Core References
Mitigation, Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21987333
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036488
Scores
CVSS v3
6.2
EPSS
0.0037
EPSS Percentile
29.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
ibm/tivoli_storage_flashcopy_manager_for_sql_server
3.1.0.0 - 3.1.1.6
ibm/tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
6.3.0.0 - 6.3.1.8
Published
Aug 08, 2016
Tracked Since
Feb 18, 2026