Vulnerability CVE-2017-1339


Published: 2017-10-05

Description:
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.

Vendor: IBM
Product: Tivoli storage manager 
Version:
8.1.1.100
8.1.1
8.1.0
7.1.7.200
7.1.7.100
7.1.7
7.1.6
7.1.5.200
7.1.5
7.1.4.2
7.1.4.1
7.1.4
7.1.3.2
7.1.3.100
7.1.3.1
7.1.3.000
7.1.3
7.1.1.300
7.1.1.200
7.1.1.2
7.1.1.100
7.1.1.1
7.1.1
7.1.0.3
7.1.0.2
7.1.0.1
7.1..5.100
7.1
6.4.3.1
6.4.3
6.4.2.600
6.4.2.500
6.4.2.200
6.4.2.100
6.4.2
6.4.1.0
6.4.1
6.3.6.100
6.3.6
6.3.5.1
6.3.5
6.3.4
6.3.3
6.3.2.2
6.3.1.2
6.3.1
6.3.0.5
6.3.0.17
6.3.0.15
6.3
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.5.6
6.1.5.5
6.1.5.4
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0
6.1

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://www.ibm.com/support/docview.wss?uid=swg22007936
http://www.securityfocus.com/bid/101113
http://www.securitytracker.com/id/1039498
https://exchange.xforce.ibmcloud.com/vulnerabilities/126247

Related CVE
CVE-2018-1390
IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio...
CVE-2018-1384
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2017-1767
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2017-1765
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.
CVE-2017-1747
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520.
CVE-2017-1705
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427.
CVE-2015-5016
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended ac...
CVE-2015-7434
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863.

Copyright 2018, cxsecurity.com

 

Back to Top