Security Policy Violation Vulnerability in IBM Tivoli Storage Manager Operations Center
CVE-2016-6044

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Tivoli Storage Manager Extended Edition
Vendor: CVE Published:; 1 February 2017

Summary

An authenticated attacker could exploit a flaw in the IBM Tivoli Storage Manager Operations Center to enable or disable the application's REST API. This manipulation may result in the enforcement of security policies being compromised, allowing unauthorized actions that could breach sensitive data and configurations.

Affected Version(s)

Tivoli Storage Manager Extended Edition 6.4

Tivoli Storage Manager Extended Edition 7.1

Tivoli Storage Manager Extended Edition 7.1.1

References

http://www.securityfocus.com/bid/95091

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21995754

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Jun 29, 2016