CVSS: 5.5EPSS: 0%CPEs: 36EXPL: 0CVE-2016-8916
https://notcve.org/view.php?id=CVE-2016-8916
05 May 2017 — IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. IBM Tivoli Storage Manager en versiones 5.5, 6.1-6.4, y 7.1 almacena información de contraseñas en un fichero de log que puede ser leído por un usuario local cuando se ejecuta un comando set passsword. IBM X-Force ID: 118472. • http://www.ibm.com/support/docview.wss?uid=swg21998166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-6110
https://notcve.org/view.php?id=CVE-2016-6110
01 Feb 2017 — IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. Tivoli Storage Manager de IBM, revela credenciales de inicio de sesión no cifradas en vCenter de Vmware que podrían ser obtenidas por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21996198 • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2016-0371
https://notcve.org/view.php?id=CVE-2016-0371
01 Feb 2017 — The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. La contraseña de Tivoli Storage Manager (TSM) puede ser mostrada en texto plano a través de la salida de rastreo de la aplicación mientras el rastreo de aplicaciones está habilitado. • http://www-01.ibm.com/support/docview.wss?uid=swg21985114 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2016-5985
https://notcve.org/view.php?id=CVE-2016-5985
01 Feb 2017 — The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash. El cliente IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX es vulnerable a un desbordamiento de búfer cuando Journal-Based Backup está habilitado. Un atacante local podría desboradr un búfer y ejecutar código arbitrario en el sistema o provocar una caída del si... • http://www.ibm.com/support/docview.wss?uid=swg21993695 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.5EPSS: 0%CPEs: 66EXPL: 0CVE-2016-2894
https://notcve.org/view.php?id=CVE-2016-2894
03 Jul 2016 — IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions. IBM Spectrum Protect (anteriormente Tivoli Storage Manager) 5.5 hasta la versión 6.3 en versiones anteriores a 6.3.2.6, 6.4 en versiones anteriores a 6.4.3.3 y 7.1 en versiones anteriores a 7.1.6 pe... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.7EPSS: 0%CPEs: 10EXPL: 0CVE-2015-7408
https://notcve.org/view.php?id=CVE-2015-7408
15 Feb 2016 — The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority. El servidor en IBM Spectrum Protect (también conocido como Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.5.1 y 7.x en versiones anteriores a 7.1.4 no restringe adecuadamente el uso de la opción ASNODENAME, lo que permite a atacantes... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-4951
https://notcve.org/view.php?id=CVE-2015-4951
20 Jan 2016 — Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL. Client Acceptor Daemon (CAD) en el client en IBM Spectrum Protect (anteriormente Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.2.5, 6.4 en versiones anteriores a 6.4.3.1 y 7.1 en versiones anteriores a 7.1.3 permite a atacante... • http://www-01.ibm.com/support/docview.wss?uid=swg21973484 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 0CVE-2015-7404
https://notcve.org/view.php?id=CVE-2015-7404
14 Nov 2015 — IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, ... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2015-6557
https://notcve.org/view.php?id=CVE-2015-6557
23 Aug 2015 — IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exce... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4818
https://notcve.org/view.php?id=CVE-2014-4818
24 Feb 2015 — dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors. dsmtca en el cliente en IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x anterior a 6.4.3, y 7.1.x anterior a 7.1.2 permite a usuarios locales descubrir la contraseña de la clave del cifrado de backup/restore a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •