Lucene search

IbmCVE-2016-6044

HistoryFeb 01, 2017 - 8:59 p.m.

CVE-2016-6044

2017-02-0120:59:01

CWE-284

ibm

web.nvd.nist.gov

cve-2016-6044

ibm

tivoli

storage manager

operations center

authenticated attacker

rest api

security policy

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

18.9%

JSON

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application’s REST API, which may let the attacker violate security policy.

Affected configurations

Nvd

Vulners

Node

ibmtivoli_storage_managerMatch6.4.1

ibmtivoli_storage_managerMatch6.4.1.1

ibmtivoli_storage_managerMatch6.4.2

ibmtivoli_storage_managerMatch6.4.2.1

ibmtivoli_storage_managerMatch6.4.2.2

ibmtivoli_storage_managerMatch6.4.2.3

ibmtivoli_storage_managerMatch6.4.2.4

ibmtivoli_storage_managerMatch7.1

ibmtivoli_storage_managerMatch7.1.0.1

ibmtivoli_storage_managerMatch7.1.0.2

ibmtivoli_storage_managerMatch7.1.1.1

ibmtivoli_storage_managerMatch7.1.1.2

ibmtivoli_storage_managerMatch7.1.3

ibmtivoli_storage_managerMatch7.1.3.1

ibmtivoli_storage_managerMatch7.1.3.2

ibmtivoli_storage_managerMatch7.1.4

ibmtivoli_storage_managerMatch7.1.4.1

ibmtivoli_storage_managerMatch7.1.4.2

ibmtivoli_storage_managerMatch7.1.7

VendorProductVersionCPE
ibmtivoli_storage_manager6.4.1cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.4.1.1cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.4.2cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.4.2.1cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.4.2.2cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.4.2.3cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.4.2.4cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*
ibmtivoli_storage_manager7.1cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager7.1.0.1cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager7.1.0.2cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_storage_manager	6.4.1	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:::::::*
ibm	tivoli_storage_manager	6.4.1.1	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:::::::*
ibm	tivoli_storage_manager	6.4.2	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:::::::*
ibm	tivoli_storage_manager	6.4.2.1	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:::::::*
ibm	tivoli_storage_manager	6.4.2.2	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:::::::*
ibm	tivoli_storage_manager	6.4.2.3	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:::::::*
ibm	tivoli_storage_manager	6.4.2.4	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:::::::*
ibm	tivoli_storage_manager	7.1	cpe:2.3:a:ibm:tivoli_storage_manager:7.1:::::::*
ibm	tivoli_storage_manager	7.1.0.1	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:::::::*
ibm	tivoli_storage_manager	7.1.0.2	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "Tivoli Storage Manager Extended Edition",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "6.4"
      },
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "7.1.1"
      },
      {
        "status": "affected",
        "version": "6.1"
      },
      {
        "status": "affected",
        "version": "6.2"
      },
      {
        "status": "affected",
        "version": "6.3"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21995754

www.securityfocus.com/bid/95091

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

18.9%

JSON

Related for CVE-2016-6044