Vulnerabilites related to ibm - tivoli_storage_flashcopy_manager
CVE-2013-3976 (GCVE-0-2013-3976)
Vulnerability from cvelistv5
Published
2014-03-26 10:00
Modified
2024-08-06 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IC81223",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223"
},
{
"name": "tsm-cve20133976-info-disclosure(84881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IC81223",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223"
},
{
"name": "tsm-cve20133976-info-disclosure(84881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC81223",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223"
},
{
"name": "tsm-cve20133976-info-disclosure(84881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3976",
"datePublished": "2014-03-26T10:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7404 (GCVE-0-2015-7404)
Vulnerability from cvelistv5
Published
2015-11-14 02:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"
},
{
"name": "IT11349",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-14T03:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"
},
{
"name": "IT11349",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"
},
{
"name": "IT11349",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7404",
"datePublished": "2015-11-14T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1988 (GCVE-0-2015-1988)
Vulnerability from cvelistv5
Published
2015-10-04 01:00
Modified
2024-08-06 05:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-04T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967532"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21967532",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967532"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1988",
"datePublished": "2015-10-04T01:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6557 (GCVE-0-2015-6557)
Vulnerability from cvelistv5
Published
2015-08-23 01:00
Modified
2024-08-06 07:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IT03480",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-23T01:57:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "IT03480",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT03480",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6557",
"datePublished": "2015-08-23T01:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4949 (GCVE-0-2015-4949)
Vulnerability from cvelistv5
Published
2015-08-23 01:00
Modified
2024-08-06 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IT03480",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
},
{
"name": "1033270",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IT03480",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
},
{
"name": "1033270",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT03480",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
},
{
"name": "1033270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4949",
"datePublished": "2015-08-23T01:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6714 (GCVE-0-2013-6714)
Vulnerability from cvelistv5
Published
2014-05-26 19:00
Modified
2024-08-06 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tsflashcopy-cve20136714-sec-bypass(89057)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89057"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tsflashcopy-cve20136714-sec-bypass(89057)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89057"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673045"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsflashcopy-cve20136714-sec-bypass(89057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89057"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673045",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673045"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6714",
"datePublished": "2014-05-26T19:00:00",
"dateReserved": "2013-11-08T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-11-14 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "525876F0-6E63-4AF3-BA34-D6B7D89131AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84BAD8C8-87A4-41FA-B480-072363472BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E21B096-464F-4777-9CDD-AD2BB1850C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D75A51-F385-4EB3-B4F7-AF133F8A2E5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEF9535-ED13-45CF-8CB7-86096E2A0050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE9E7E8-E64F-4053-811F-F080ADDA8DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3807F5-F2E0-44B1-AFD6-8752FD578E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3216366D-1432-4665-92B8-ABA583B0EB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "130BD434-03FC-4341-83A4-2772CA9C3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF658D2-CCD2-496A-8D2B-8DF14D9BD9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4910CD37-D630-48BD-AB90-C71999324560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECE394F-6310-49DF-BBEF-91D7879FEC62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5CED7C-B390-439E-AC0B-C2F6A123AACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFEEDFF-FEB6-4450-AEC0-AB6B8AB2D959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8650C1-8B7D-481D-B82C-1596A935C17E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A8212624-3CAD-4D1D-BAEF-E1868E0B01A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9B5EB6-8448-4D99-846B-F2F27EC5C64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E97574F-F1FF-431F-BD0C-8365FBC05740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "303EF8F9-6ECA-401A-B9F0-8B98BF0704A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "234A770F-89E1-4C5E-87C0-7E1FCDFCA255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "814C4DE2-FAE3-4FED-901C-5689A3879CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3E85C85F-6C5B-454B-9355-7C38492D3395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "907E5E7D-27E2-43A0-89DD-BE9ACD8D662D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7D6C61-BED1-4936-B68C-1E4A474F4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B29282CB-2E48-4FD0-BACE-8D91910AF5D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205F0FBF-DFA1-4EFC-BFF4-1226B0099965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEFED7E-FC3F-41D3-B069-9E8EF655222C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF14229-0D33-4A68-BA72-8F9CB728C1F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F40EE915-80D1-429B-A35E-0F415E96ADB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC12F3-39C7-49FD-BB60-7C21607C77DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "881ACFC0-4354-448A-A9BB-2F5BB72358C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6978D5-4AF1-48D6-A7D5-E0158F4C8DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24E7AD18-232C-4996-931F-72545CB38B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5124F05-4C0E-422A-8CB3-E93826767ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "144ED09E-DE01-450C-84DF-DEFE9E6EE48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B8D631-0EBE-47AB-AACA-9A0BA1077C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D76E0E49-1486-4518-BD46-826786BAA937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3CB08F-D41F-4441-9078-2C9E68EC2EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56242F1E-18FA-4F9B-8354-727B43F32EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D703577-A7CC-42D4-8EA0-582B3E395BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAC6E47-07B3-430C-B7E9-7E185685DD88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "722D8BD5-552B-49CE-B9FA-304368FDC6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12C8EB63-1C2C-4979-875D-751B66E22EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE59BC0-DFD4-4AC5-AEF1-85AFCBD8F7B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7CEF5D-DCDE-4913-92AF-9A03B987A0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "976E33EB-240B-4A0C-B71A-F5DB3F5230FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4065B385-6CCF-4227-8412-9C4E6FF08EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC01D70-F51D-4F55-A829-DFE0104AEF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD889452-6341-450B-9DF2-261B66A2ABB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5B7107-61B4-4B55-A138-7648D35497D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61D1CD20-0895-406E-904A-AC160C288943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1CB0C1-BDEF-497F-85AF-2E0C9585E25E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06510033-B069-4135-AC6F-79464B69E807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (tambi\u00e9n conocido como Spectrum Protect for Databases) 5.5 en versiones anteriores a 5.5.6.2, 6.3 en versiones anteriores a 6.3.1.6, 6.4 en versiones anteriores a 6.4.1.8 y 7.1 en versiones anteriores a 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (tambi\u00e9n conocido como Spectrum Protect for Mail) 5.5 en versiones anteriores a 5.5.1.1, 6.1 y 6.3 en versiones anteriores a 6.3.1.6, 6.4 en versiones anteriores a 6.4.1.8 y 7.1 en versiones anteriores a 7.1.4; y Tivoli Storage FlashCopy Manager for Windows (tambi\u00e9n conocido como Spectrum Protect Snapshot) 2.x y 3.1 en versiones anteriores a 3.1.1.6, 3.2 en versiones anteriores a 3.2.1.8 y 4.1 en versiones anteriores a 4.1.4, cuando se configura el trazado de aplicaci\u00f3n, escribir contrase\u00f1as en texto plano durante la ejecuci\u00f3n del comando changetsmpassword, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de la traza de salida de la aplicaci\u00f3n."
}
],
"id": "CVE-2015-7404",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-14T03:59:05.350",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-26 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | data_protection | 6.1 | |
| ibm | data_protection | 6.3 | |
| ibm | flashcopy_manager | 2.1 | |
| ibm | flashcopy_manager | 2.2 | |
| ibm | flashcopy_manager | 3.1 | |
| ibm | tivoli_storage_flashcopy_manager | - | |
| ibm | tivoli_storage_manager_for_mail | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:data_protection:6.1:*:*:*:*:exchange_server:*:*",
"matchCriteriaId": "D695A61E-C8B4-42E1-AB44-8FD23B25488A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:data_protection:6.3:*:*:*:*:exchange_server:*:*",
"matchCriteriaId": "CC59ADD5-61EF-46F6-880D-4FBA867EF7F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:flashcopy_manager:2.1:*:*:*:*:exchange_server:*:*",
"matchCriteriaId": "807F1BE8-11D8-4EB0-9103-FF3F71EBEC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:flashcopy_manager:2.2:*:*:*:*:exchange_server:*:*",
"matchCriteriaId": "4EF103FA-13A4-4D30-AA33-29F6E9D6B45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:flashcopy_manager:3.1:*:*:*:*:exchange_server:*:*",
"matchCriteriaId": "FC44BC47-D3D9-456A-9AB0-263E7CAB1675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE00269E-A50F-4384-BA4C-D13ED514BB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32E6682D-02F1-42AD-BED7-7D08A9024122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore."
},
{
"lang": "es",
"value": "El (1) componente Data Protection para Exchange 6.1 anterior a 6.1.3.4 y 6.3 anterior a 6.3.1 en IBM Tivoli Storage Manager para Mail y el (2) componente FlashCopy Manager para Exchange 2.2 y 3.1 anterior a 3.1.1 en IBM Tivoli Storage FlashCopy Manager no limitan debidamente contenidos de buz\u00f3n durante ciertas operaciones de restablecer PST, lo que permite a usuarios remotos autenticados leer el email personal de otros usuarios en circunstancias oportunistas mediante el lanzamiento de un cliente de email despu\u00e9s de que un administrador realice un restablecimiento de m\u00faltiples buzones."
}
],
"evaluatorImpact": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21644407\n\n\"AFFECTED PRODUCTS AND VERSIONS:\n\n Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 and 6.3\n Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Sever 2.1, 2.2, and 3.1\"",
"id": "CVE-2013-3976",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-26T10:55:05.117",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-23 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "245C0CD0-B971-4449-89D3-796496DCF940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "907E5E7D-27E2-43A0-89DD-BE9ACD8D662D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C60F5DDA-A7A5-4595-9C39-0D36E8FD3489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3CB08F-D41F-4441-9078-2C9E68EC2EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64FDDDA0-3192-4288-A309-FA788C829382",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557."
},
{
"lang": "es",
"value": "Vulnerabilidad en IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server en 7.1 en versiones anteriores a 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server en 7.1 en versiones anteriores a 7.1.2 y en Tivoli Storage FlashCopy Manager en 4.1 en versiones anteriores a 4.1.2, coloca las contrase\u00f1as en texto plano en mensajes de excepci\u00f3n, permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible mediante la lectura de las ventanas emergentes GUI, una vulnerabilidad diferente a CVE-2015-6557."
}
],
"id": "CVE-2015-4949",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-23T01:59:02.753",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1033270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033270"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-23 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480 | Vendor Advisory | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21963630 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21963630 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC01D70-F51D-4F55-A829-DFE0104AEF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD889452-6341-450B-9DF2-261B66A2ABB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5B7107-61B4-4B55-A138-7648D35497D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61D1CD20-0895-406E-904A-AC160C288943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B39B501-9095-47D7-B51C-0FF9696905D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "525876F0-6E63-4AF3-BA34-D6B7D89131AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84BAD8C8-87A4-41FA-B480-072363472BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E21B096-464F-4777-9CDD-AD2BB1850C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D75A51-F385-4EB3-B4F7-AF133F8A2E5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEF9535-ED13-45CF-8CB7-86096E2A0050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE9E7E8-E64F-4053-811F-F080ADDA8DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3807F5-F2E0-44B1-AFD6-8752FD578E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3216366D-1432-4665-92B8-ABA583B0EB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "130BD434-03FC-4341-83A4-2772CA9C3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFEEDFF-FEB6-4450-AEC0-AB6B8AB2D959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9B5EB6-8448-4D99-846B-F2F27EC5C64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "907E5E7D-27E2-43A0-89DD-BE9ACD8D662D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94A54B90-1899-4B9C-85F3-6F1B8679FA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF14229-0D33-4A68-BA72-8F9CB728C1F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F40EE915-80D1-429B-A35E-0F415E96ADB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC12F3-39C7-49FD-BB60-7C21607C77DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "881ACFC0-4354-448A-A9BB-2F5BB72358C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6978D5-4AF1-48D6-A7D5-E0158F4C8DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24E7AD18-232C-4996-931F-72545CB38B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B5124F05-4C0E-422A-8CB3-E93826767ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "144ED09E-DE01-450C-84DF-DEFE9E6EE48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B8D631-0EBE-47AB-AACA-9A0BA1077C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D76E0E49-1486-4518-BD46-826786BAA937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3CB08F-D41F-4441-9078-2C9E68EC2EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAC6E47-07B3-430C-B7E9-7E185685DD88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949."
},
{
"lang": "es",
"value": "Vulnerabilidad en IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server en 5.5 en versiones anteriores a 5.5.6.1, en 6.3 en versiones anteriores a 6.3.1.5, en 6.4 en versiones anteriores a 6.4.1.7 y en 7.1 en versiones anteriores a 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server en en 5.5 en versiones anteriores a 5.5.1.1, en 6.1 en versiones anteriores a 6.1.3.7, en 6.3 en versiones anteriores a 6.3.1.5, en 6.4 en versiones anteriores a 6.4.1.7 y en 7.1 en versiones anteriores a 7.1.2 y en Tivoli Storage FlashCopy Manager en 3.1 en versiones anteriores a 3.1.1.5, en 3.2 en versiones anteriores a 3.2.1.7 y en 4.1 en versiones anteriores a 4.1.2, cuando se utiliza el rastreo de aplicaciones, colocando las contrase\u00f1as en texto plano en mensajes de excepci\u00f3n, permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible mediante la lectura de salida del rastreo, una vulnerabilidad diferente a CVE-2015-4949."
}
],
"id": "CVE-2015-6557",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-23T01:59:03.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-26 19:55
Modified
2025-04-12 10:46
Severity ?
Summary
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_flashcopy_manager | 3.1.0 | |
| ibm | tivoli_storage_flashcopy_manager | 3.1.1 | |
| ibm | tivoli_storage_flashcopy_manager | 3.2.0 | |
| ibm | tivoli_storage_flashcopy_manager | 3.2.1 | |
| ibm | tivoli_storage_flashcopy_manager | 4.1.0 | |
| ibm | tivoli_storage_flashcopy_manager | 4.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC01D70-F51D-4F55-A829-DFE0104AEF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD889452-6341-450B-9DF2-261B66A2ABB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5B7107-61B4-4B55-A138-7648D35497D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61D1CD20-0895-406E-904A-AC160C288943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1CB0C1-BDEF-497F-85AF-2E0C9585E25E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions."
},
{
"lang": "es",
"value": "El componente FlashCopy Manager For VMware en IBM Tivoli Storage FlashCopy Manager 3.1 hasta 4.1.0.1 no comprueba debidamente autorizaci\u00f3n para operaciones de copia de seguridad y restauraci\u00f3n, lo que permite a usuarios locales obtener datos VM sensibles o causar una denegaci\u00f3n de servicio (sobreescritura de datos o consumo de disco) a trav\u00e9s de acciones GUI no especificadas."
}
],
"id": "CVE-2013-6714",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-26T19:55:04.200",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673045"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89057"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-04 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01F908AE-3A75-4F6F-ACAB-24045D4171A4",
"versionEndExcluding": "3.1.1.3",
"versionStartIncluding": "3.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600ED730-7940-4C6C-A6A4-5A1503056FA9",
"versionEndExcluding": "3.2.0.6",
"versionStartIncluding": "3.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFA200F-286C-46E3-8A75-EF9C54BF7463",
"versionEndIncluding": "4.1.3.0",
"versionStartIncluding": "4.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73ECE009-F659-41A9-AB60-1E68C5C8C9DE",
"versionEndExcluding": "6.3.2.5",
"versionStartIncluding": "6.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B99A47E9-B1DF-498F-B4AE-D5BA8E09C4AC",
"versionEndExcluding": "6.4.3.1",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF652AD-2DDF-439A-B530-168217D5115B",
"versionEndExcluding": "7.1.3.0",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Tivoli Storage Manger para Virtual Environments: Data Protection for VMware 6.3 en versiones anteriores a 6.3.2.5, 6.4 en versiones anteriores a 6.4.3.1 y 7.1 en versiones anteriores a 7.1.3 y Tivoli Storage FlashCopy Manager for VMware 3.1 en versiones anteriores a 3.1.1.3, 3.2 en versiones anteriores a 3.2.0.6 y 4.1 en versiones anteriores a 4.1.3.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-1988",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-04T02:59:05.550",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967532"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}