CVE-2016-8939
https://notcve.org/view.php?id=CVE-2016-8939
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. Clientes y agentes de Tivoli Storage Manager de IBM (Spectrum Protect versiones 7.1 y 8.1 de IBM), almacenan información de contraseñas en el Registro Windows de una manera que pueda verse comprometida. ID de IBM X-Force: 118790. • http://www.ibm.com/support/docview.wss?uid=swg22003738 http://www.securityfocus.com/bid/98783 http://www.securitytracker.com/id/1038607 https://exchange.xforce.ibmcloud.com/vulnerabilities/118790 https://improsec.com/blog/vulnerability-in-tsm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-8916
https://notcve.org/view.php?id=CVE-2016-8916
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. IBM Tivoli Storage Manager en versiones 5.5, 6.1-6.4, y 7.1 almacena información de contraseñas en un fichero de log que puede ser leído por un usuario local cuando se ejecuta un comando set passsword. IBM X-Force ID: 118472. • http://www.ibm.com/support/docview.wss?uid=swg21998166 http://www.securityfocus.com/bid/98335 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-8940
https://notcve.org/view.php?id=CVE-2016-8940
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946. IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3 y 7.1 no realiza comprobación de autoridad suficiente en consultas SQL. • http://www.ibm.com/support/docview.wss?uid=swg21998946 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5918
https://notcve.org/view.php?id=CVE-2016-5918
IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. IBM Tivoli Storage Manager HSM para Windows muestra la contraseña cifrada Tivoli Storage Manager en la salida de rastreo de la aplicación si la opción de acceso a la contraseña es rápida y se cambia la contraseña. • http://www.ibm.com/support/docview.wss?uid=swg21988728 http://www.securityfocus.com/bid/92534 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6110
https://notcve.org/view.php?id=CVE-2016-6110
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. Tivoli Storage Manager de IBM, revela credenciales de inicio de sesión no cifradas en vCenter de Vmware que podrían ser obtenidas por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21996198 http://www.securityfocus.com/bid/95306 • CWE-255: Credentials Management Errors •