CVE-2016-5927

MEDIUM

IBM Tivoli Storage Manager for Space Management <6.3.2.6-7.1.6 - In...

Title source: llm

Description

IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.

References (3)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1IT15203

[Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21989006

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92723

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 15.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (13)

ibm/tivoli_storage_manager_for_space_management

n/a/n/a

Timeline

Published Sep 12, 2016

Tracked Since Feb 18, 2026