Lucene search

[email protected]CVE-2016-6043

HistoryFeb 01, 2017 - 8:59 p.m.

CVE-2016-6043

2017-02-0120:59:01

CWE-384

[email protected]

web.nvd.nist.gov

cve-2016-6043

tivoli storage manager

operations center

session expiration

vulnerability

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.

Affected configurations

Vulners

NVD

Node

ibm_corporationtivoli_storage_manager_extended_editionMatch6.4

ibm_corporationtivoli_storage_manager_extended_editionMatch7.1

ibm_corporationtivoli_storage_manager_extended_editionMatch7.1.1

ibm_corporationtivoli_storage_manager_extended_editionMatch6.1

ibm_corporationtivoli_storage_manager_extended_editionMatch6.2

ibm_corporationtivoli_storage_manager_extended_editionMatch6.3

CPENameOperatorVersion
ibm:tivoli_storage_manageribm tivoli storage managereq6.4.1
ibm:tivoli_storage_manageribm tivoli storage managereq6.4.1.1
ibm:tivoli_storage_manageribm tivoli storage managereq6.4.2
ibm:tivoli_storage_manageribm tivoli storage managereq6.4.2.1
ibm:tivoli_storage_manageribm tivoli storage managereq6.4.2.2
ibm:tivoli_storage_manageribm tivoli storage managereq6.4.2.3
ibm:tivoli_storage_manageribm tivoli storage managereq6.4.2.4
ibm:tivoli_storage_manageribm tivoli storage managereq7.1
ibm:tivoli_storage_manageribm tivoli storage managereq7.1.0.1
ibm:tivoli_storage_manageribm tivoli storage managereq7.1.0.2

CPE	Name	Operator	Version
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.4.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.4.1.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.4.2
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.4.2.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.4.2.2
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.4.2.3
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.4.2.4
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	7.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	7.1.0.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	7.1.0.2

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "Tivoli Storage Manager Extended Edition",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "6.4"
      },
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "7.1.1"
      },
      {
        "status": "affected",
        "version": "6.1"
      },
      {
        "status": "affected",
        "version": "6.2"
      },
      {
        "status": "affected",
        "version": "6.3"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21995754

www.securityfocus.com/bid/95090

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-6043

prion1 cvelist1 nvd1 ibm1