CVE-2016-5927

MEDIUM

IBM Tivoli Storage Manager for Space Management <6.3.2.6-7.1.6 - In...

Title source: llm
STIX 2.1

Description

IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92723
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT15203
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21989006

Scores

CVSS v3 5.5
EPSS 0.0032
EPSS Percentile 23.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (12)
ibm/tivoli_storage_manager_for_space_management 6.3.0
ibm/tivoli_storage_manager_for_space_management 6.3.2
ibm/tivoli_storage_manager_for_space_management 6.4.0
ibm/tivoli_storage_manager_for_space_management 6.4.0.0
ibm/tivoli_storage_manager_for_space_management 6.4.1
ibm/tivoli_storage_manager_for_space_management 6.4.2
ibm/tivoli_storage_manager_for_space_management 6.4.3
ibm/tivoli_storage_manager_for_space_management 7.1.0
ibm/tivoli_storage_manager_for_space_management 7.1.1
ibm/tivoli_storage_manager_for_space_management 7.1.2
... and 2 more
Published Sep 12, 2016
Tracked Since Feb 18, 2026