SQL Query Vulnerability in IBM Tivoli Storage Manager by IBM
CVE-2016-8940

8.8HIGH

Key Information:

Vendor
IBM
Status
Tivoli Storage Manager
Vendor
CVE Published:
7 March 2017

Summary

The vulnerability in IBM Tivoli Storage Manager (IBM Spectrum Protect) involves inadequate authority checks on SQL queries. This flaw allows attackers to execute unauthorized SQL queries that can access sensitive database tables, which may expose confidential information, including passwords and other critical data. Organizations utilizing affected versions must ensure they implement necessary security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Tivoli Storage Manager 5.3.5.3

Tivoli Storage Manager 5.4.1.2

Tivoli Storage Manager 4.2

References

http://www.ibm.com/support/docview.wss?uid=swg21998946
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.