CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 0CVE-2016-8937
https://notcve.org/view.php?id=CVE-2016-8937
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750. El protocolo de autenticación por defecto de IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) es vulnerable a ataques de fuerza bruta ya que revela demasiada información durante el proceso de autenticación. Un atacante podría obtener acceso administrativo o de usuario al servidor TSM. • http://www.ibm.com/support/docview.wss?uid=swg22007935 https://exchange.xforce.ibmcloud.com/vulnerabilities/118750 • CWE-287: Improper Authentication •
CVSS: 4.4EPSS: 0%CPEs: 65EXPL: 0CVE-2017-1339
https://notcve.org/view.php?id=CVE-2017-1339
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247. El servidor de IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) utiliza un cifrado de contraseña débil. Un administrador de la base de datos podría descifrar la contraseña del cliente o administrador de IBM Spectrum Protect, pudiendo provocar que se divulgue información o una denegación de servicio (DoS). • http://www.ibm.com/support/docview.wss?uid=swg22007936 http://www.securityfocus.com/bid/101113 http://www.securitytracker.com/id/1039498 https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 65EXPL: 0CVE-2016-8939
https://notcve.org/view.php?id=CVE-2016-8939
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. Clientes y agentes de Tivoli Storage Manager de IBM (Spectrum Protect versiones 7.1 y 8.1 de IBM), almacenan información de contraseñas en el Registro Windows de una manera que pueda verse comprometida. ID de IBM X-Force: 118790. • http://www.ibm.com/support/docview.wss?uid=swg22003738 http://www.securityfocus.com/bid/98783 http://www.securitytracker.com/id/1038607 https://exchange.xforce.ibmcloud.com/vulnerabilities/118790 https://improsec.com/blog/vulnerability-in-tsm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 36EXPL: 0CVE-2016-8916
https://notcve.org/view.php?id=CVE-2016-8916
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. IBM Tivoli Storage Manager en versiones 5.5, 6.1-6.4, y 7.1 almacena información de contraseñas en un fichero de log que puede ser leído por un usuario local cuando se ejecuta un comando set passsword. IBM X-Force ID: 118472. • http://www.ibm.com/support/docview.wss?uid=swg21998166 http://www.securityfocus.com/bid/98335 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 50EXPL: 0CVE-2016-8940
https://notcve.org/view.php?id=CVE-2016-8940
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946. IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3 y 7.1 no realiza comprobación de autoridad suficiente en consultas SQL. • http://www.ibm.com/support/docview.wss?uid=swg21998946 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •