CVE-2015-7404

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2015-7404
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.

1.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21969514 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Information

Published : 2015-11-13 19:59

Updated : 2015-11-19 09:44

NVD link : CVE-2015-7404

Mitre link : CVE-2015-7404

JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa
Products Affected

ibm

  • tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
  • tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
  • tivoli_storage_flashcopy_manager

microsoft

  • windows