Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
IbmTivoli Storage Manager7.1

16 matches found

CVE
CVEadded 2017/10/05 5:29 p.m.53 views

CVE-2017-1339

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force I...

4.4CVSS4.6AI score0.00021EPSS
CVE
CVEadded 2017/10/05 5:29 p.m.49 views

CVE-2016-8937

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.

9.8CVSS9.1AI score0.00232EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.46 views

CVE-2016-6045

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8CVSS8.6AI score0.00151EPSS
CVE
CVEadded 2017/10/05 5:29 p.m.46 views

CVE-2017-1301

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system...

5.5CVSS5.3AI score0.00103EPSS
CVE
CVEadded 2017/10/05 5:29 p.m.46 views

CVE-2017-1378

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

7.8CVSS7.2AI score0.00036EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.45 views

CVE-2016-6046

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.6AI score0.00227EPSS
CVE
CVEadded 2017/05/05 7:29 p.m.45 views

CVE-2016-8916

IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.

5.5CVSS5.2AI score0.00053EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.44 views

CVE-2016-6044

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.

4.3CVSS5.1AI score0.00125EPSS
CVE
CVEadded 2017/06/07 5:29 p.m.43 views

CVE-2016-8939

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.

5.5CVSS5.2AI score0.00074EPSS
CVE
CVEadded 2017/02/01 8:59 p.m.39 views

CVE-2016-6043

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.

7CVSS7.1AI score0.00048EPSS
CVE
CVEadded 2016/07/03 9:59 p.m.37 views

CVE-2016-2894

IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and ret...

2.5CVSS3.4AI score0.00055EPSS
CVE
CVEadded 2015/02/14 2:59 a.m.36 views

CVE-2014-6195

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x8...

1.9CVSS6.5AI score0.00035EPSS
CVE
CVEadded 2017/03/07 5:59 p.m.36 views

CVE-2016-8940

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these p...

8.8CVSS8.6AI score0.00318EPSS
CVE
CVEadded 2016/01/20 5:59 a.m.35 views

CVE-2015-4951

Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.

5.3CVSS5.1AI score0.00538EPSS
CVE
CVEadded 2015/02/24 8:59 p.m.33 views

CVE-2014-4818

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors.

2.1CVSS6.3AI score0.00031EPSS
CVE
CVEadded 2015/11/04 3:59 a.m.33 views

CVE-2015-4927

The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.

7.2CVSS6.5AI score0.00111EPSS