SQL Query Vulnerability in IBM Tivoli Storage Manager by IBM
CVE-2016-8940
8.8 HIGH
Summary
The vulnerability in IBM Tivoli Storage Manager (IBM Spectrum Protect) stems from inadequate authority checks on SQL queries. This flaw allows attackers to execute unauthorized SQL queries against sensitive database tables, which may expose confidential information, including passwords and other critical data. Organizations running affected versions must implement the necessary security measures to mitigate the risks associated with this vulnerability.
Affected Version(s)
Tivoli Storage Manager 5.3.5.3
Tivoli Storage Manager 5.4.1.2
Tivoli Storage Manager 4.2
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved