Lucene search

IbmCVE-2016-8942

HistoryFeb 01, 2017 - 8:59 p.m.

CVE-2016-8942

2017-02-0120:59:02

CWE-284

ibm

web.nvd.nist.gov

ibm

tivoli

storage

productivity center

authenticated user

edit

properties

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

18.9%

JSON

IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.

Affected configurations

Nvd

Vulners

Node

ibmspectrum_controlMatch5.2.8

ibmspectrum_controlMatch5.2.9

ibmspectrum_controlMatch5.2.10

ibmspectrum_controlMatch5.2.11

Node

ibmtivoli_storage_productivity_centerMatch5.2.0

ibmtivoli_storage_productivity_centerMatch5.2.0.0

ibmtivoli_storage_productivity_centerMatch5.2.1.0

ibmtivoli_storage_productivity_centerMatch5.2.1.1

ibmtivoli_storage_productivity_centerMatch5.2.2.0

ibmtivoli_storage_productivity_centerMatch5.2.3.0

ibmtivoli_storage_productivity_centerMatch5.2.4.0

ibmtivoli_storage_productivity_centerMatch5.2.4.1

ibmtivoli_storage_productivity_centerMatch5.2.4.1_\+

ibmtivoli_storage_productivity_centerMatch5.2.5.0

ibmtivoli_storage_productivity_centerMatch5.2.5.1

ibmtivoli_storage_productivity_centerMatch5.2.6.0

ibmtivoli_storage_productivity_centerMatch5.2.7.0

ibmtivoli_storage_productivity_centerMatch5.2.7.1

VendorProductVersionCPE
ibmspectrum_control5.2.8cpe:2.3:a:ibm:spectrum_control:5.2.8:*:*:*:*:*:*:*
ibmspectrum_control5.2.9cpe:2.3:a:ibm:spectrum_control:5.2.9:*:*:*:*:*:*:*
ibmspectrum_control5.2.10cpe:2.3:a:ibm:spectrum_control:5.2.10:*:*:*:*:*:*:*
ibmspectrum_control5.2.11cpe:2.3:a:ibm:spectrum_control:5.2.11:*:*:*:*:*:*:*
ibmtivoli_storage_productivity_center5.2.0cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0:*:*:*:*:*:*:*
ibmtivoli_storage_productivity_center5.2.0.0cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0.0:*:*:*:*:*:*:*
ibmtivoli_storage_productivity_center5.2.1.0cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.0:*:*:*:*:*:*:*
ibmtivoli_storage_productivity_center5.2.1.1cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.1:*:*:*:*:*:*:*
ibmtivoli_storage_productivity_center5.2.2.0cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.2.0:*:*:*:*:*:*:*
ibmtivoli_storage_productivity_center5.2.3.0cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	spectrum_control	5.2.8	cpe:2.3:a:ibm:spectrum_control:5.2.8:::::::*
ibm	spectrum_control	5.2.9	cpe:2.3:a:ibm:spectrum_control:5.2.9:::::::*
ibm	spectrum_control	5.2.10	cpe:2.3:a:ibm:spectrum_control:5.2.10:::::::*
ibm	spectrum_control	5.2.11	cpe:2.3:a:ibm:spectrum_control:5.2.11:::::::*
ibm	tivoli_storage_productivity_center	5.2.0	cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0:::::::*
ibm	tivoli_storage_productivity_center	5.2.0.0	cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0.0:::::::*
ibm	tivoli_storage_productivity_center	5.2.1.0	cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.0:::::::*
ibm	tivoli_storage_productivity_center	5.2.1.1	cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.1:::::::*
ibm	tivoli_storage_productivity_center	5.2.2.0	cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.2.0:::::::*
ibm	tivoli_storage_productivity_center	5.2.3.0	cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.3.0:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "Spectrum Control Standard Select Edition",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "5.1.1"
      },
      {
        "status": "affected",
        "version": "5.2"
      },
      {
        "status": "affected",
        "version": "5.2.1"
      },
      {
        "status": "affected",
        "version": "5.2.2"
      },
      {
        "status": "affected",
        "version": "5.2.3"
      },
      {
        "status": "affected",
        "version": "5.2.4"
      },
      {
        "status": "affected",
        "version": "5.2.5"
      },
      {
        "status": "affected",
        "version": "5.2.6"
      },
      {
        "status": "affected",
        "version": "5.2.7"
      },
      {
        "status": "affected",
        "version": "5.2.8"
      },
      {
        "status": "affected",
        "version": "5.2.9"
      },
      {
        "status": "affected",
        "version": "5.2.10"
      },
      {
        "status": "affected",
        "version": "5.2.11"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21995128

www.securityfocus.com/bid/94916

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

18.9%

JSON

Related for CVE-2016-8942