Lucene search
IbmCVE-2015-7404HistoryNov 14, 2015 - 3:59 a.m.
CVE-2015-7404
2015-11-1403:59:05
CWE-200
ibm
web.nvd.nist.gov
27
ibm
tivoli storage manager
data protection
microsoft sql server
spectrum protect
cve-2015-7404
nvd
security vulnerability
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.
Affected configurations
Node
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch5.5
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch5.5.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch5.5.2
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch5.5.3
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch5.5.4
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch5.5.5
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch5.5.6
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.3
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.3.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.3.1.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.3.1.2
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.3.1.3
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.3.1.5
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4.0.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4.0.2
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4.1.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4.1.2
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4.1.3
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4.1.4
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch6.4.1.7
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch7.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch7.1.0.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch7.1.0.2
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch7.1.1.1
ORibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_serverMatch7.1.2.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch5.5
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch5.5.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch6.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch6.1.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch6.1.2
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch6.1.3
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch6.3
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch6.3.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch6.4
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch6.4.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch7.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch7.1.0.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch7.1.0.2
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch7.1.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch7.1.2.0
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch7.1.2.1
ORibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_serverMatch7.1.3.0
Node
ibmtivoli_storage_flashcopy_managerMatch2.1.0
ORibmtivoli_storage_flashcopy_managerMatch2.2.0
ORibmtivoli_storage_flashcopy_managerMatch2.2.1
ORibmtivoli_storage_flashcopy_managerMatch3.1.0
ORibmtivoli_storage_flashcopy_managerMatch3.1.1
ORibmtivoli_storage_flashcopy_managerMatch3.2.0
ORibmtivoli_storage_flashcopy_managerMatch3.2.1
ORibmtivoli_storage_flashcopy_managerMatch4.1.0
ORibmtivoli_storage_flashcopy_managerMatch4.1.0.1
ORibmtivoli_storage_flashcopy_managerMatch6.1.3
microsoftwindows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 5.5 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 5.5.1 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.1:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 5.5.2 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.2:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 5.5.3 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.3:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 5.5.4 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.4:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 5.5.5 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.5:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 5.5.6 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.6:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 6.3 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 6.3.1 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server | 6.3.1.1 | cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.1:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2015-11-14 03:59:00
cvelist
cvelist
CVE-2015-7404
2015-11-14 02:00:00
nvd
nvd
CVE-2015-7404
2015-11-14 03:59:05
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2015-7404