Security Bulletin: Tivoli Storage Manager (IBM Spectrum Protect) SQL interface vulnerable to unauthorized access (CVE-2016-8940)

Summary Tivoli Storage Manager IBM Spectrum Protect SQL interface is vulnerable to unauthorized access to user credentials and product sensitive information. Vulnerability Details CVEID: CVE-2016-8940 DESCRIPTION: IBM Tivoli Storage Manager IBM Spectrum Protect does not perform sufficient authori...

CVE-2016-8940

IBM Tivoli Storage Manager IBM Spectrum Protect 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these...

CVE-2016-8940

CVE-2016-8940 affects IBM Tivoli Storage Manager (IBM Spectrum Protect) servers. The IBM Security Bulletin and IBM/NVD entries describe an inadequate authority check on SQL queries, allowing an administrator to access product-specific database tables not meant for access, potentially exposing pas...