CVE-2015-4949
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.
Vulnerabilidad en IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server en 7.1 en versiones anteriores a 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server en 7.1 en versiones anteriores a 7.1.2 y en Tivoli Storage FlashCopy Manager en 4.1 en versiones anteriores a 4.1.2, coloca las contraseñas en texto plano en mensajes de excepción, permite a atacantes físicamente próximos obtener información sensible mediante la lectura de las ventanas emergentes GUI, una vulnerabilidad diferente a CVE-2015-6557.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-24 CVE Reserved
- 2015-08-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1033270 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21963630 | 2017-09-21 |
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480 | 2017-09-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Tivoli Storage Flashcopy Manager Search vendor "Ibm" for product "Tivoli Storage Flashcopy Manager" | 4.1.0 Search vendor "Ibm" for product "Tivoli Storage Flashcopy Manager" and version "4.1.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Flashcopy Manager Search vendor "Ibm" for product "Tivoli Storage Flashcopy Manager" | 4.1.2 Search vendor "Ibm" for product "Tivoli Storage Flashcopy Manager" and version "4.1.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server Search vendor "Ibm" for product "Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server" | 7.1 Search vendor "Ibm" for product "Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server" and version "7.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server Search vendor "Ibm" for product "Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server" | 7.2 Search vendor "Ibm" for product "Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server" and version "7.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server Search vendor "Ibm" for product "Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server" | 7.1 Search vendor "Ibm" for product "Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server" and version "7.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server Search vendor "Ibm" for product "Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server" | 7.2 Search vendor "Ibm" for product "Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server" and version "7.2" | - |
Affected
| ||||||