Unsecured Credentials Exposure in IBM Tivoli Storage Manager Affecting VMware vCenter
CVE-2016-6110

6.5MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

IBM Tivoli Storage Manager is susceptible to a vulnerability where it discloses unencrypted login credentials related to VMware vCenter. This issue allows a local user with access to the system to potentially capture sensitive credentials, leading to unauthorized access to the vCenter system. Organizations using this software should be aware of this risk and take necessary measures to mitigate the disclosure of sensitive information.

Affected Version(s)

Tivoli Storage Manager 5.3.5.3

Tivoli Storage Manager 5.4.1.2

Tivoli Storage Manager 4.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.