CVE-2016-8940 in Tivoli Storage Managerinfo

Summary

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

10/25/2016

Disclosure

03/07/2017

Moderation

VulDB entry created

Entries

1: VDB-97600

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

6.5

EPSS

0.00336

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-8940
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-8940
CVE Details	https://www.cvedetails.com/cve/CVE-2016-8940/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!