IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect™ for Virtual Environments) VMware vSphere GUI is vulnerable to a password disclosure.
CVEID: CVE-2016-6034**
DESCRIPTION:** IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116893 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)
The following levels of IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) are affected:
Tivoli Storage Manager for VE: Data Protection for VMware Release
| First Fixing VRMF Level|Client Platform|Link to Fix / Fix Availability Target
—|—|—|—
7.1| 7.1.6.4| Windows| ** **<http://www.ibm.com/support/docview.wss?uid=swg24042520>
None