Plain Text Password Exposure in Tivoli Storage Manager by IBM
CVE-2016-0371

5.5MEDIUM

Key Information:

Vendor: IBM Corporation
Status: Tivoli Storage Manager
Vendor: CVE Published:; 1 February 2017

🔔 Create IBM Corporation Vulnerability Alert

What is CVE-2016-0371?

The Tivoli Storage Manager (TSM) vulnerability arises when application tracing is enabled, potentially leading to sensitive information exposure. During tracing, the password may be logged in plain text, making it accessible to unauthorized users and increasing the risk of security breaches. It is crucial for users to manage application tracing settings to prevent unauthorized access to sensitive data.

Affected Version(s)

Tivoli Storage Manager 5.3.5.3

Tivoli Storage Manager 5.4.1.2

Tivoli Storage Manager 4.2

References

http://www.securityfocus.com/bid/94148

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21985114

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Dec 8, 2015