IBM Security Bulletin: SQL Server Password Disclosure via IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server and IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (CVE-2016-3059)

When using IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server or IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server, the Microsoft SQL Server user ID and password are presented in plain text in the task completion status details available within the MMC GUI’s Task List view.

CVE(s): CVE-2016-3059

Affected product(s) and affected version(s):

The following levels of IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (IBM Spectrum Protect for Databases) are affected:

  • 6.4.0.0 through 6.4.1.8
  • 6.3.0.0 through 6.3.1.6

The following levels of IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (IBM Spectrum Protect Snapshot) are affected:

  • 3.2.0.0 through 3.2.1.8
  • 3.1.0.0 through 3.1.1.6
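
To triage an inventory against the levels listed above, the following is an added example, not IBM code. The product keys ("dp-sql", "fcm-sql"), host names and sample inventory are constructed assumptions; only the version ranges come from this bulletin. Levels are compared numerically per field, because a plain string comparison would wrongly place 6.4.1.10 below 6.4.1.8.

```python
# Added example: classify installs against the affected levels of CVE-2016-3059.
# Product keys and the sample inventory are constructed; ranges are from the bulletin.

AFFECTED = {
    "dp-sql": [("6.4.0.0", "6.4.1.8"), ("6.3.0.0", "6.3.1.6")],    # Data Protection for SQL Server
    "fcm-sql": [("3.2.0.0", "3.2.1.8"), ("3.1.0.0", "3.1.1.6")],   # FlashCopy Manager for SQL Server
}

def parse_level(text):
    """Turn 'V.R.M.F' into a 4-tuple of ints; shorter forms are zero-padded."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not a V.R.M.F level: {text!r}")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a V.R.M.F level: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def classify(product, level):
    """Return 'affected', 'not-listed' or 'unparseable' for one install."""
    if product not in AFFECTED:
        return "not-listed"
    try:
        found = parse_level(level)
    except ValueError:
        return "unparseable"   # needs a manual look, never silently cleared
    for low, high in AFFECTED[product]:
        if parse_level(low) <= found <= parse_level(high):
            return "affected"
    # Outside the listed ranges; the bulletin makes no statement about these levels.
    return "not-listed"

INVENTORY = [  # constructed sample data: (host, product key, reported level)
    ("sqlbk01", "dp-sql", "6.4.1.3"),
    ("sqlbk02", "dp-sql", "6.4.1.10"),
    ("sqlbk03", "fcm-sql", "3.1.1"),
    ("sqlbk04", "fcm-sql", "3.2.x"),
]

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(product, level) for host, product, level in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```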

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aj3jLQ
X-Force Database: http://ift.tt/2ajVUPL



from IBM Product Security Incident Response Team http://ift.tt/2aj2S46