CVE-2016-3059

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Tivoli Storage Flashcopy Manager For Sql Server; Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server
Vendor: CVE Published:; 8 August 2016

Summary

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21987333

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036488

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2016
Vulnerability Reserved
Mar 9, 2016