CVSS: 5.5EPSS: 0%CPEs: 65EXPL: 0CVE-2016-8939
https://notcve.org/view.php?id=CVE-2016-8939
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. Clientes y agentes de Tivoli Storage Manager de IBM (Spectrum Protect versiones 7.1 y 8.1 de IBM), almacenan información de contraseñas en el Registro Windows de una manera que pueda verse comprometida. ID de IBM X-Force: 118790. • http://www.ibm.com/support/docview.wss?uid=swg22003738 http://www.securityfocus.com/bid/98783 http://www.securitytracker.com/id/1038607 https://exchange.xforce.ibmcloud.com/vulnerabilities/118790 https://improsec.com/blog/vulnerability-in-tsm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 50EXPL: 0CVE-2016-8940
https://notcve.org/view.php?id=CVE-2016-8940
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946. IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3 y 7.1 no realiza comprobación de autoridad suficiente en consultas SQL. • http://www.ibm.com/support/docview.wss?uid=swg21998946 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2016-8998
https://notcve.org/view.php?id=CVE-2016-8998
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747. IBM Tivoli Storage Manager Server 7.1 podría permitir a un usuario autenticado con privilegios de administrador TSM provocar un desbordamiento de búfer utilizando una consulta SQL especialmente manipulada y ejecutar código arbitrario en el servidor. Referencia de IBM: 1998747. • http://www.ibm.com/support/docview.wss?uid=swg21998747 http://www.securityfocus.com/bid/96443 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-6044
https://notcve.org/view.php?id=CVE-2016-6044
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. IBM Tivoli Storage Manager Operations Center podría permitir a un atacante autenticado para habilitar o deshabilitar la APRI REST de la aplicación, lo que puede permitir que el atacante viole la política de seguridad. • http://www.ibm.com/support/docview.wss?uid=swg21995754 http://www.securityfocus.com/bid/95091 • CWE-284: Improper Access Control •
CVSS: 7.0EPSS: 0%CPEs: 19EXPL: 0CVE-2016-6043
https://notcve.org/view.php?id=CVE-2016-6043
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. Tivoli Storage Manager Operations Center podría permitir a un usuario local asumir el control de un usuario previamente registrado debido a que la expiración de sesión no está forzada. • http://www.ibm.com/support/docview.wss?uid=swg21995754 http://www.securityfocus.com/bid/95090 • CWE-384: Session Fixation •