Ibm Tivoli_storage_manager
36 CVEs affecting Ibm Tivoli_storage_manager. Latest disclosed: 2017-10-05. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-8937 | Critical | 9.8 | 2017-10-05 | The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too m… |
CVE-2016-8940 | High | 8.8 | 2017-03-07 | IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacke… |
CVE-2016-6045 | High | 8.8 | 2017-02-01 | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized ac… |
CVE-2017-1378 | High | 7.8 | 2017-10-05 | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output wh… |
CVE-2016-5985 | High | 7.8 | 2017-02-01 | The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker coul… |
CVE-2016-8998 | High | 7.2 | 2017-02-24 | IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted… |
CVE-2016-6043 | High | 7.0 | 2017-02-01 | Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. |
CVE-2016-6110 | Medium | 6.5 | 2017-02-01 | IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. |
CVE-2017-1301 | Medium | 5.5 | 2017-10-05 | IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files in… |
CVE-2016-8939 | Medium | 5.5 | 2017-06-07 | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compro… |
CVE-2016-8916 | Medium | 5.5 | 2017-05-05 | IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is is… |
CVE-2016-0371 | Medium | 5.5 | 2017-02-01 | The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. |
CVE-2016-6046 | Medium | 5.4 | 2017-02-01 | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W… |
CVE-2015-4951 | Medium | 5.3 | 2016-01-20 | Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 be… |
CVE-2017-1339 | Medium | 4.4 | 2017-10-05 | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decryp… |
CVE-2016-6044 | Medium | 4.3 | 2017-02-01 | IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker… |
CVE-2015-7408 | Low | 3.7 | 2016-02-15 | The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAM… |
CVE-2016-2894 | Low | 2.5 | 2016-07-03 | IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain se… |
CVE-2015-4927 | | 2015-11-04 | The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-wri… | |
CVE-2014-4818 | | 2015-02-24 | dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/resto… |