CVE-2016-8940

HIGH

IBM Tivoli Storage Manager <7.1 - SQL Injection

Title source: llm

Description

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. Access to these product-specific database tables may expose passwords or other sensitive information for the product. IBM Reference #: 1998946.

References (1)

Core References (1)
Patch, Vendor Advisory (x_refsource_confirm)
http://www.ibm.com/support/docview.wss?uid=swg21998946

Scores

CVSS v3 8.8
EPSS 0.0034
EPSS Percentile 56.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-200
Status published
Products (50)
ibm/tivoli_storage_manager 6.1
ibm/tivoli_storage_manager 6.1.0
ibm/tivoli_storage_manager 6.1.1
ibm/tivoli_storage_manager 6.1.2
ibm/tivoli_storage_manager 6.1.3
ibm/tivoli_storage_manager 6.1.4
ibm/tivoli_storage_manager 6.1.5
ibm/tivoli_storage_manager 6.1.5.4
ibm/tivoli_storage_manager 6.1.5.5
ibm/tivoli_storage_manager 6.1.5.6
... and 40 more
Published Mar 07, 2017
Tracked Since Feb 18, 2026