IBM Tivoli Storage Manager for Virtual Environments Vulnerability Disclosure of Windows Domain Credentials
CVE-2016-6034

6.8MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

An information disclosure vulnerability exists in IBM Tivoli Storage Manager for Virtual Environments. This flaw allows a user with elevated privileges to access sensitive Windows domain credentials, potentially compromising the security of the environment. Attackers leveraging this vulnerability could exploit the exposure of credentials to gain unauthorized access to critical systems, underscoring the need for immediate attention and mitigation.

Affected Version(s)

Tivoli Storage Manager for Virtual Environments 6.3

Tivoli Storage Manager for Virtual Environments 6.4

Tivoli Storage Manager for Virtual Environments 7.1

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.