IBM Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager for Space Management (CVE-2016-0371)

When application tracing is enabled and a password change operation is performed, the Tivoli Storage Manager (IBM Spectrum Protect) password is displayed in plain text in the trace output when using IBM Tivoli Storage Manager for Space Management (IBM Spectrum Protect for Space Management).

CVE(s): CVE-2016-0371

Affected product(s) and affected version(s):

The following levels of IBM Tivoli Storage Manager for Space Management (IBM Spectrum Protect for Space Management) are affected:

  • 7.1.0.0 through 7.1.6.2
  • 6.4.0.0 through 6.4.3.3
  • 6.3.0.0 through 6.3.2.5
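To triage a fleet against the ranges listed above, the following added example (not part of the IBM bulletin) compares installed V.R.M.F levels numerically, field by field. The host names and levels in the sample inventory are constructed, and a level outside the ranges means only that this bulletin does not list it.

```python
# Added example: level check for CVE-2016-0371 using only the affected
# ranges stated in this bulletin. Not IBM code.

AFFECTED_RANGES = [
    ("7.1.0.0", "7.1.6.2"),
    ("6.4.0.0", "6.4.3.3"),
    ("6.3.0.0", "6.3.2.5"),
]

def parse_level(text):
    """Parse a dotted level into a 4-tuple of ints; missing trailing fields count as 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not a V.R.M.F level: {text!r}")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a V.R.M.F level: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def is_affected(level):
    """True if the level falls inside one of the bulletin's ranges (inclusive)."""
    v = parse_level(level)
    return any(parse_level(lo) <= v <= parse_level(hi) for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Return (affected_hosts, unparsed_hosts) for a {host: level} mapping."""
    affected, unparsed = [], []
    for host, level in sorted(inventory.items()):
        try:
            if is_affected(level):
                affected.append(host)
        except ValueError:
            unparsed.append(host)  # needs a manual look; do not assume it is clean
    return affected, unparsed

# Constructed sample inventory (hypothetical hosts and levels).
SAMPLE_INVENTORY = {
    "hsm-a": "7.1.6.2",   # upper bound of a listed range
    "hsm-b": "7.1.6.3",   # one fix level past the range
    "hsm-c": "6.4.3",     # short form, treated as 6.4.3.0
    "hsm-d": "6.2.5.0",   # not listed in this bulletin
    "hsm-e": "7.1.10.0",  # a string compare would wrongly sort this below 7.1.6.2
    "hsm-f": "unknown",   # unparseable inventory value
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```
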

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fvHsVO
X-Force Database: http://ift.tt/2ffDKC1



from IBM Product Security Incident Response Team http://ift.tt/2fvBT9I