Lucene search

[email protected]CVE-2016-6110

HistoryFeb 01, 2017 - 10:59 p.m.

CVE-2016-6110

2017-02-0122:59:00

CWE-255

[email protected]

web.nvd.nist.gov

ibm

tivoli

storage manager

vmware

vcenter

credentials

disclosure

vulnerability

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.

Affected configurations

Vulners

NVD

Node

ibm_corporationtivoli_storage_managerMatch5.3.5.3

ibm_corporationtivoli_storage_managerMatch5.4.1.2

ibm_corporationtivoli_storage_managerMatch4.2

ibm_corporationtivoli_storage_managerMatch4.2.1

ibm_corporationtivoli_storage_managerMatch5.1.8

ibm_corporationtivoli_storage_managerMatch5.2.5.1

ibm_corporationtivoli_storage_managerMatch5.2.7

ibm_corporationtivoli_storage_managerMatch5.2.8

ibm_corporationtivoli_storage_managerMatch5.2.9

ibm_corporationtivoli_storage_managerMatch5.3.0

ibm_corporationtivoli_storage_managerMatch5.3.1

ibm_corporationtivoli_storage_managerMatch5.3.2

ibm_corporationtivoli_storage_managerMatch5.3.3

ibm_corporationtivoli_storage_managerMatch5.4.4.0

ibm_corporationtivoli_storage_managerMatch5.4.2.4

ibm_corporationtivoli_storage_managerMatch5.4.2.3

ibm_corporationtivoli_storage_managerMatch5.4.2.2

ibm_corporationtivoli_storage_managerMatch5.3.6.9

ibm_corporationtivoli_storage_managerMatch5.3.6.2

ibm_corporationtivoli_storage_managerMatch5.3.6.1

ibm_corporationtivoli_storage_managerMatch5.3.4

ibm_corporationtivoli_storage_managerMatch5.2.5.3

ibm_corporationtivoli_storage_managerMatch5.2.5.2

ibm_corporationtivoli_storage_managerMatch5.2.4

ibm_corporationtivoli_storage_managerMatch5.3.5.1

ibm_corporationtivoli_storage_managerMatch5.3.2.4

ibm_corporationtivoli_storage_managerMatch6.0

ibm_corporationtivoli_storage_managerMatch5.1.0

ibm_corporationtivoli_storage_managerMatch5.1.1

ibm_corporationtivoli_storage_managerMatch5.1.10

ibm_corporationtivoli_storage_managerMatch5.1.5

ibm_corporationtivoli_storage_managerMatch5.1.6

ibm_corporationtivoli_storage_managerMatch5.1.7

ibm_corporationtivoli_storage_managerMatch5.1.9

ibm_corporationtivoli_storage_managerMatch5.2.0

ibm_corporationtivoli_storage_managerMatch5.2.1

ibm_corporationtivoli_storage_managerMatch4.2.2

ibm_corporationtivoli_storage_managerMatch4.2.3

ibm_corporationtivoli_storage_managerMatch4.2.4

ibm_corporationtivoli_storage_managerMatch5.2.2

ibm_corporationtivoli_storage_managerMatch5.3

ibm_corporationtivoli_storage_managerMatch5.2

ibm_corporationtivoli_storage_managerMatch5.4

ibm_corporationtivoli_storage_managerMatch5.5.7

ibm_corporationtivoli_storage_managerMatch5.2.3.4

ibm_corporationtivoli_storage_managerMatch5.5.1.0

ibm_corporationtivoli_storage_managerMatch5.5.1.6

ibm_corporationtivoli_storage_managerMatch5.4

ibm_corporationtivoli_storage_managerMatch5.5

ibm_corporationtivoli_storage_managerMatch6.1

ibm_corporationtivoli_storage_managerMatch6.2

ibm_corporationtivoli_storage_managerMatch6.3

ibm_corporationtivoli_storage_managerMatch6.4

ibm_corporationtivoli_storage_managerMatch7.1

CPENameOperatorVersion
ibm:tivoli_storage_manageribm tivoli storage managerle7.1.6.3
ibm:tivoli_storage_manageribm tivoli storage managereq7.1.0.0
ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmwareibm tivoli storage manager for virtual environments data protection for vmwarele7.1.6.3
ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmwareibm tivoli storage manager for virtual environments data protection for vmwareeq7.1.0.0

CPE	Name	Operator	Version
ibm:tivoli_storage_manager	ibm tivoli storage manager	le	7.1.6.3
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	7.1.0.0
ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware	ibm tivoli storage manager for virtual environments data protection for vmware	le	7.1.6.3
ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware	ibm tivoli storage manager for virtual environments data protection for vmware	eq	7.1.0.0

CNA Affected

[
  {
    "product": "Tivoli Storage Manager",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.3.5.3"
      },
      {
        "status": "affected",
        "version": "5.4.1.2"
      },
      {
        "status": "affected",
        "version": "4.2"
      },
      {
        "status": "affected",
        "version": "4.2.1"
      },
      {
        "status": "affected",
        "version": "5.1.8"
      },
      {
        "status": "affected",
        "version": "5.2.5.1"
      },
      {
        "status": "affected",
        "version": "5.2.7"
      },
      {
        "status": "affected",
        "version": "5.2.8"
      },
      {
        "status": "affected",
        "version": "5.2.9"
      },
      {
        "status": "affected",
        "version": "5.3.0"
      },
      {
        "status": "affected",
        "version": "5.3.1"
      },
      {
        "status": "affected",
        "version": "5.3.2"
      },
      {
        "status": "affected",
        "version": "5.3.3"
      },
      {
        "status": "affected",
        "version": "5.4.4.0"
      },
      {
        "status": "affected",
        "version": "5.4.2.4"
      },
      {
        "status": "affected",
        "version": "5.4.2.3"
      },
      {
        "status": "affected",
        "version": "5.4.2.2"
      },
      {
        "status": "affected",
        "version": "5.3.6.9"
      },
      {
        "status": "affected",
        "version": "5.3.6.2"
      },
      {
        "status": "affected",
        "version": "5.3.6.1"
      },
      {
        "status": "affected",
        "version": "5.3.4"
      },
      {
        "status": "affected",
        "version": "5.2.5.3"
      },
      {
        "status": "affected",
        "version": "5.2.5.2"
      },
      {
        "status": "affected",
        "version": "5.2.4"
      },
      {
        "status": "affected",
        "version": "5.3.5.1"
      },
      {
        "status": "affected",
        "version": "5.3.2.4"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "5.1.0"
      },
      {
        "status": "affected",
        "version": "5.1.1"
      },
      {
        "status": "affected",
        "version": "5.1.10"
      },
      {
        "status": "affected",
        "version": "5.1.5"
      },
      {
        "status": "affected",
        "version": "5.1.6"
      },
      {
        "status": "affected",
        "version": "5.1.7"
      },
      {
        "status": "affected",
        "version": "5.1.9"
      },
      {
        "status": "affected",
        "version": "5.2.0"
      },
      {
        "status": "affected",
        "version": "5.2.1"
      },
      {
        "status": "affected",
        "version": "4.2.2"
      },
      {
        "status": "affected",
        "version": "4.2.3"
      },
      {
        "status": "affected",
        "version": "4.2.4"
      },
      {
        "status": "affected",
        "version": "5.2.2"
      },
      {
        "status": "affected",
        "version": "5.3"
      },
      {
        "status": "affected",
        "version": "5.2 Client"
      },
      {
        "status": "affected",
        "version": "5.4 Client"
      },
      {
        "status": "affected",
        "version": "5.5.7"
      },
      {
        "status": "affected",
        "version": "5.2.3.4 Client"
      },
      {
        "status": "affected",
        "version": "5.5.1.0"
      },
      {
        "status": "affected",
        "version": "5.5.1.6"
      },
      {
        "status": "affected",
        "version": "5.4"
      },
      {
        "status": "affected",
        "version": "5.5"
      },
      {
        "status": "affected",
        "version": "6.1"
      },
      {
        "status": "affected",
        "version": "6.2"
      },
      {
        "status": "affected",
        "version": "6.3"
      },
      {
        "status": "affected",
        "version": "6.4"
      },
      {
        "status": "affected",
        "version": "7.1"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21996198

www.securityfocus.com/bid/95306

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-6110

openvas2 nvd1 prion1 ibm1 cvelist1 nessus1