SQL Query Vulnerability in IBM Tivoli Storage Manager by IBM
CVE-2016-8940

8.8 HIGH

Key Information:

Vendor: IBM
CVE Published: 7 March 2017

Summary

The vulnerability in IBM Tivoli Storage Manager (IBM Spectrum Protect) involves inadequate authority checks on SQL queries. This flaw allows attackers to execute unauthorized SQL queries that can access sensitive database tables, which may expose confidential information, including passwords and other critical data. Organizations utilizing affected versions must ensure they implement necessary security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Tivoli Storage Manager 5.3.5.3

Tivoli Storage Manager 5.4.1.2

Tivoli Storage Manager 4.2

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
