Vulnerability CVE-2017-1339


Published: 2017-10-05   Modified: 2017-10-13

Description:
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.

Vendor: IBM
Product: Tivoli storage manager 
Version:
8.1.1.100
8.1.1
8.1.0
7.1.7.200
7.1.7.100
7.1.7
7.1.6
7.1.5.200
7.1.5
7.1.4.2
7.1.4.1
7.1.4
7.1.3.2
7.1.3.100
7.1.3.1
7.1.3.000
7.1.3
7.1.1.300
7.1.1.200
7.1.1.2
7.1.1.100
7.1.1.1
7.1.1
7.1.0.3
7.1.0.2
7.1.0.1
7.1..5.100
7.1
6.4.3.1
6.4.3
6.4.2.600
6.4.2.500
6.4.2.200
6.4.2.100
6.4.2
6.4.1.0
6.4.1
6.3.6.100
6.3.6
6.3.5.1
6.3.5
6.3.4
6.3.3
6.3.2.2
6.3.1.2
6.3.1
6.3.0.5
6.3.0.17
6.3.0.15
6.3
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.5.6
6.1.5.5
6.1.5.4
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0
6.1

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://www.ibm.com/support/docview.wss?uid=swg22007936
http://www.securityfocus.com/bid/101113
http://www.securitytracker.com/id/1039498
https://exchange.xforce.ibmcloud.com/vulnerabilities/126247

Related CVE
CVE-2017-1554
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's clic...
CVE-2017-1552
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, ...
CVE-2017-1340
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
CVE-2017-1333
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.
CVE-2017-1148
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.
CVE-2016-3048
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
CVE-2017-15535
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...
CVE-2017-1232
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911.

Copyright 2017, cxsecurity.com

 

Back to Top