Lucene search

[email protected]CVE-2016-8940

HistoryMar 07, 2017 - 5:59 p.m.

CVE-2016-8940

2017-03-0717:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2016-8940

ibm

tivoli storage manager

ibm spectrum protect

sql injection

vulnerability

1998946

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.0%

JSON

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.

Affected configurations

Vulners

NVD

Node

ibm_corporationtivoli_storage_managerMatch5.3.5.3

ibm_corporationtivoli_storage_managerMatch5.4.1.2

ibm_corporationtivoli_storage_managerMatch4.2

ibm_corporationtivoli_storage_managerMatch4.2.1

ibm_corporationtivoli_storage_managerMatch5.1.8

ibm_corporationtivoli_storage_managerMatch5.2.5.1

ibm_corporationtivoli_storage_managerMatch5.2.7

ibm_corporationtivoli_storage_managerMatch5.2.8

ibm_corporationtivoli_storage_managerMatch5.2.9

ibm_corporationtivoli_storage_managerMatch5.3.0

ibm_corporationtivoli_storage_managerMatch5.3.1

ibm_corporationtivoli_storage_managerMatch5.3.2

ibm_corporationtivoli_storage_managerMatch5.3.3

ibm_corporationtivoli_storage_managerMatch5.4.4.0

ibm_corporationtivoli_storage_managerMatch5.4.2.4

ibm_corporationtivoli_storage_managerMatch5.4.2.3

ibm_corporationtivoli_storage_managerMatch5.4.2.2

ibm_corporationtivoli_storage_managerMatch5.3.6.9

ibm_corporationtivoli_storage_managerMatch5.3.6.2

ibm_corporationtivoli_storage_managerMatch5.3.6.1

ibm_corporationtivoli_storage_managerMatch5.3.4

ibm_corporationtivoli_storage_managerMatch5.2.5.3

ibm_corporationtivoli_storage_managerMatch5.2.5.2

ibm_corporationtivoli_storage_managerMatch5.2.4

ibm_corporationtivoli_storage_managerMatch5.3.5.1

ibm_corporationtivoli_storage_managerMatch5.3.2.4

ibm_corporationtivoli_storage_managerMatch6.0

ibm_corporationtivoli_storage_managerMatch5.1.0

ibm_corporationtivoli_storage_managerMatch5.1.1

ibm_corporationtivoli_storage_managerMatch5.1.10

ibm_corporationtivoli_storage_managerMatch5.1.5

ibm_corporationtivoli_storage_managerMatch5.1.6

ibm_corporationtivoli_storage_managerMatch5.1.7

ibm_corporationtivoli_storage_managerMatch5.1.9

ibm_corporationtivoli_storage_managerMatch5.2.0

ibm_corporationtivoli_storage_managerMatch5.2.1

ibm_corporationtivoli_storage_managerMatch4.2.2

ibm_corporationtivoli_storage_managerMatch4.2.3

ibm_corporationtivoli_storage_managerMatch4.2.4

ibm_corporationtivoli_storage_managerMatch5.2.2

ibm_corporationtivoli_storage_managerMatch5.3

ibm_corporationtivoli_storage_managerMatch5.2

ibm_corporationtivoli_storage_managerMatch5.4

ibm_corporationtivoli_storage_managerMatch5.5.7

ibm_corporationtivoli_storage_managerMatch5.2.3.4

ibm_corporationtivoli_storage_managerMatch5.5.1.0

ibm_corporationtivoli_storage_managerMatch5.5.1.6

ibm_corporationtivoli_storage_managerMatch5.4

ibm_corporationtivoli_storage_managerMatch5.5

ibm_corporationtivoli_storage_managerMatch6.1

ibm_corporationtivoli_storage_managerMatch6.2

ibm_corporationtivoli_storage_managerMatch6.3

ibm_corporationtivoli_storage_managerMatch6.4

ibm_corporationtivoli_storage_managerMatch7.1

CPENameOperatorVersion
ibm:tivoli_storage_manageribm tivoli storage managereq6.1
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.0
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.1
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.2
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.3
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.4
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.5
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.5.4
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.5.5
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.5.6

CPE	Name	Operator	Version
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.2
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.3
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.4
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.5
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.5.4
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.5.5
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.5.6

Rows per page:

1-10 of 501

CNA Affected

[
  {
    "product": "Tivoli Storage Manager",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.3.5.3"
      },
      {
        "status": "affected",
        "version": "5.4.1.2"
      },
      {
        "status": "affected",
        "version": "4.2"
      },
      {
        "status": "affected",
        "version": "4.2.1"
      },
      {
        "status": "affected",
        "version": "5.1.8"
      },
      {
        "status": "affected",
        "version": "5.2.5.1"
      },
      {
        "status": "affected",
        "version": "5.2.7"
      },
      {
        "status": "affected",
        "version": "5.2.8"
      },
      {
        "status": "affected",
        "version": "5.2.9"
      },
      {
        "status": "affected",
        "version": "5.3.0"
      },
      {
        "status": "affected",
        "version": "5.3.1"
      },
      {
        "status": "affected",
        "version": "5.3.2"
      },
      {
        "status": "affected",
        "version": "5.3.3"
      },
      {
        "status": "affected",
        "version": "5.4.4.0"
      },
      {
        "status": "affected",
        "version": "5.4.2.4"
      },
      {
        "status": "affected",
        "version": "5.4.2.3"
      },
      {
        "status": "affected",
        "version": "5.4.2.2"
      },
      {
        "status": "affected",
        "version": "5.3.6.9"
      },
      {
        "status": "affected",
        "version": "5.3.6.2"
      },
      {
        "status": "affected",
        "version": "5.3.6.1"
      },
      {
        "status": "affected",
        "version": "5.3.4"
      },
      {
        "status": "affected",
        "version": "5.2.5.3"
      },
      {
        "status": "affected",
        "version": "5.2.5.2"
      },
      {
        "status": "affected",
        "version": "5.2.4"
      },
      {
        "status": "affected",
        "version": "5.3.5.1"
      },
      {
        "status": "affected",
        "version": "5.3.2.4"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "5.1.0"
      },
      {
        "status": "affected",
        "version": "5.1.1"
      },
      {
        "status": "affected",
        "version": "5.1.10"
      },
      {
        "status": "affected",
        "version": "5.1.5"
      },
      {
        "status": "affected",
        "version": "5.1.6"
      },
      {
        "status": "affected",
        "version": "5.1.7"
      },
      {
        "status": "affected",
        "version": "5.1.9"
      },
      {
        "status": "affected",
        "version": "5.2.0"
      },
      {
        "status": "affected",
        "version": "5.2.1"
      },
      {
        "status": "affected",
        "version": "4.2.2"
      },
      {
        "status": "affected",
        "version": "4.2.3"
      },
      {
        "status": "affected",
        "version": "4.2.4"
      },
      {
        "status": "affected",
        "version": "5.2.2"
      },
      {
        "status": "affected",
        "version": "5.3"
      },
      {
        "status": "affected",
        "version": "5.2 Client"
      },
      {
        "status": "affected",
        "version": "5.4 Client"
      },
      {
        "status": "affected",
        "version": "5.5.7"
      },
      {
        "status": "affected",
        "version": "5.2.3.4 Client"
      },
      {
        "status": "affected",
        "version": "5.5.1.0"
      },
      {
        "status": "affected",
        "version": "5.5.1.6"
      },
      {
        "status": "affected",
        "version": "5.4"
      },
      {
        "status": "affected",
        "version": "5.5"
      },
      {
        "status": "affected",
        "version": "6.1"
      },
      {
        "status": "affected",
        "version": "6.2"
      },
      {
        "status": "affected",
        "version": "6.3"
      },
      {
        "status": "affected",
        "version": "6.4"
      },
      {
        "status": "affected",
        "version": "7.1"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21998946

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.0%

JSON

Related for CVE-2016-8940

prion1 cvelist1 ibm1 nvd1