Home Unlabelled IBM Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371)

IBM Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371)

By
Thursday, November 03, 2016
Read
Add Comment

When application tracing is enabled and a password change operation is performed, the Tivoli Storage Manager (IBM Spectrum Protect) password is displayed in plain text in the trace output.

CVE(s): CVE-2016-0371

Affected product(s) and affected version(s):

The following levels of IBM Tivoli Storage Manager (IBM Spectrum Protect) Client are affected:

  • 7.1.0.0 through 7.1.6.2
  • 6.4.0.0 through 6.4.3.3
  • 6.3.0.0 through 6.3.2.5
  • 6.2, 6.1, and 5.5 all levels (these releases are EOS)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2f4LaFg
X-Force Database: http://ift.tt/2ffDKC1



from IBM Product Security Incident Response Team http://ift.tt/2f4NZWM
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us