Unsecured Credentials Exposure in IBM Tivoli Storage Manager Affecting VMware vCenter
CVE-2016-6110

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Tivoli Storage Manager
Vendor: CVE Published:; 1 February 2017

Summary

IBM Tivoli Storage Manager is susceptible to a vulnerability where it discloses unencrypted login credentials related to VMware vCenter. This issue allows a local user with access to the system to potentially capture sensitive credentials, leading to unauthorized access to the vCenter system. Organizations using this software should be aware of this risk and take necessary measures to mitigate the disclosure of sensitive information.

Affected Version(s)

Tivoli Storage Manager 5.3.5.3

Tivoli Storage Manager 5.4.1.2

Tivoli Storage Manager 4.2

References

http://www.ibm.com/support/docview.wss?uid=swg21996198

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95306

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Jun 29, 2016