IBMEE807DFAACFCF8062DE7475CFE4F4E98FD8E75ED66D3B2380F7CE4DE045A91C3Security Bulletin: Password disclosure vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware vSphere GUI (CVE-2016-6034)
EPSS
Percentile
23.7%
Summary
IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect™ for Virtual Environments) VMware vSphere GUI is vulnerable to a password disclosure.
Vulnerability Details
CVEID: CVE-2016-6034**
DESCRIPTION:** IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116893 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)
Affected Products and Versions
The following levels of IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) are affected:
- 7.1.3.0 through 7.1.6.3
Remediation/Fixes
Tivoli Storage Manager for VE: Data Protection for VMware Release
| First Fixing VRMF Level|Client Platform|Link to Fix / Fix Availability Target
—|—|—|—
7.1| 7.1.6.4| Windows| ** **<http://www.ibm.com/support/docview.wss?uid=swg24042520>
Workarounds and Mitigations
None
Related
EPSS
Percentile
23.7%