IBM Tivoli Storage Manager for Virtual Environments Vulnerability Disclosure of Windows Domain Credentials
CVE-2016-6034

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Tivoli Storage Manager For Virtual Environments
Vendor: CVE Published:; 1 February 2017

Summary

An information disclosure vulnerability exists in IBM Tivoli Storage Manager for Virtual Environments. This flaw allows a user with elevated privileges to access sensitive Windows domain credentials, potentially compromising the security of the environment. Attackers leveraging this vulnerability could exploit the exposure of credentials to gain unauthorized access to critical systems, underscoring the need for immediate attention and mitigation.

Affected Version(s)

Tivoli Storage Manager for Virtual Environments 6.3

Tivoli Storage Manager for Virtual Environments 6.4

Tivoli Storage Manager for Virtual Environments 7.1

References

http://www.securityfocus.com/bid/95976

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21995544

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Jun 29, 2016