Unsecured Credentials Exposure in IBM Tivoli Storage Manager Affecting VMware vCenter
CVE-2016-6110
6.5MEDIUM
Summary
IBM Tivoli Storage Manager is susceptible to a vulnerability where it discloses unencrypted login credentials related to VMware vCenter. This issue allows a local user with access to the system to potentially capture sensitive credentials, leading to unauthorized access to the vCenter system. Organizations using this software should be aware of this risk and take necessary measures to mitigate the disclosure of sensitive information.
Affected Version(s)
Tivoli Storage Manager 5.3.5.3
Tivoli Storage Manager 5.4.1.2
Tivoli Storage Manager 4.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved