CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 0CVE-2016-8937
https://notcve.org/view.php?id=CVE-2016-8937
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750. El protocolo de autenticación por defecto de IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) es vulnerable a ataques de fuerza bruta ya que revela demasiada información durante el proceso de autenticación. Un atacante podría obtener acceso administrativo o de usuario al servidor TSM. • http://www.ibm.com/support/docview.wss?uid=swg22007935 https://exchange.xforce.ibmcloud.com/vulnerabilities/118750 • CWE-287: Improper Authentication •
CVSS: 4.4EPSS: 0%CPEs: 65EXPL: 0CVE-2017-1339
https://notcve.org/view.php?id=CVE-2017-1339
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247. El servidor de IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) utiliza un cifrado de contraseña débil. Un administrador de la base de datos podría descifrar la contraseña del cliente o administrador de IBM Spectrum Protect, pudiendo provocar que se divulgue información o una denegación de servicio (DoS). • http://www.ibm.com/support/docview.wss?uid=swg22007936 http://www.securityfocus.com/bid/101113 http://www.securitytracker.com/id/1039498 https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 62EXPL: 0CVE-2017-1301
https://notcve.org/view.php?id=CVE-2017-1301
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163. IBM Spectrum Protect 7.1 y 8.1 podría permitir que un atacante local realice un ataque symlink. • http://www.ibm.com/support/docview.wss?uid=swg22006248 http://www.securityfocus.com/bid/101107 https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 62EXPL: 0CVE-2017-1378
https://notcve.org/view.php?id=CVE-2017-1378
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875. IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) revela las credenciales sin cifrar de inicio de sesión de Vmware vCenter en la salida de la traza de la aplicación, las cuales las puede obtener un usuario local. IBM X-Force ID: 126875. • http://www.ibm.com/support/docview.wss?uid=swg22006215 https://exchange.xforce.ibmcloud.com/vulnerabilities/126875 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 65EXPL: 0CVE-2016-8939
https://notcve.org/view.php?id=CVE-2016-8939
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. Clientes y agentes de Tivoli Storage Manager de IBM (Spectrum Protect versiones 7.1 y 8.1 de IBM), almacenan información de contraseñas en el Registro Windows de una manera que pueda verse comprometida. ID de IBM X-Force: 118790. • http://www.ibm.com/support/docview.wss?uid=swg22003738 http://www.securityfocus.com/bid/98783 http://www.securitytracker.com/id/1038607 https://exchange.xforce.ibmcloud.com/vulnerabilities/118790 https://improsec.com/blog/vulnerability-in-tsm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •