Vulnerabilities > CVE-2016-6110 - Credentials Management vulnerability in IBM products

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

nessus

NVD

Published: 2017-02-01

Updated: 2017-05-25

Summary

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Tivoli Storage Manager 7.1.0.0 IBM Tivoli Storage Manager - IBM Tivoli Storage Manager 4.2 IBM Tivoli Storage Manager 4.2.1 IBM Tivoli Storage Manager 5.1.8 IBM Tivoli Storage Manager 5.2.5.1 IBM Tivoli Storage Manager 5.2.7 IBM Tivoli Storage Manager 5.2.8 IBM Tivoli Storage Manager 5.2.9 IBM Tivoli Storage Manager 5.3.0 IBM Tivoli Storage Manager 5.3.1 IBM Tivoli Storage Manager 5.3.2 IBM Tivoli Storage Manager 5.3.3 IBM Tivoli Storage Manager 5.4.0 IBM Tivoli Storage Manager 5.4.3.4 IBM Tivoli Storage Manager 5.4.3.6 IBM Tivoli Storage Manager 5.5 IBM Tivoli Storage Manager 5.5.0 IBM Tivoli Storage Manager 5.5.2 IBM Tivoli Storage Manager 5.5.3 IBM Tivoli Storage Manager 5.5.4 IBM Tivoli Storage Manager 5.5.4.1 IBM Tivoli Storage Manager 5.5.4.2 IBM Tivoli Storage Manager 5.5.4.3 IBM Tivoli Storage Manager 6.1 IBM Tivoli Storage Manager 6.1.0 IBM Tivoli Storage Manager 6.1.1 IBM Tivoli Storage Manager 6.1.2 IBM Tivoli Storage Manager 6.1.3 IBM Tivoli Storage Manager 6.1.4 IBM Tivoli Storage Manager 6.1.5 IBM Tivoli Storage Manager 6.1.5.4 IBM Tivoli Storage Manager 6.1.5.5 IBM Tivoli Storage Manager 6.1.5.6 IBM Tivoli Storage Manager 6.2 IBM Tivoli Storage Manager 6.2.0 IBM Tivoli Storage Manager 6.2.1 IBM Tivoli Storage Manager 6.2.2 IBM Tivoli Storage Manager 6.2.3 IBM Tivoli Storage Manager 6.2.4 IBM Tivoli Storage Manager 6.2.4.7 IBM Tivoli Storage Manager 6.3 IBM Tivoli Storage Manager 6.3.0 IBM Tivoli Storage Manager 6.3.0.5 IBM Tivoli Storage Manager 6.3.0.15 IBM Tivoli Storage Manager 6.3.0.17 IBM Tivoli Storage Manager 6.3.1 IBM Tivoli Storage Manager 6.3.1.2 IBM Tivoli Storage Manager 6.3.2.2 IBM Tivoli Storage Manager 6.3.3.0 IBM Tivoli Storage Manager 6.3.4.0 IBM Tivoli Storage Manager 6.3.5.0 IBM Tivoli Storage Manager 6.3.6 IBM Tivoli Storage Manager 6.4 IBM Tivoli Storage Manager 6.4.0 IBM Tivoli Storage Manager 6.4.0.1 IBM Tivoli Storage Manager 6.4.0.4 IBM Tivoli Storage Manager 6.4.0.5 IBM Tivoli Storage Manager 6.4.0.7 IBM Tivoli Storage Manager 6.4.1.0 IBM Tivoli Storage Manager 6.4.1.1 IBM Tivoli Storage Manager 6.4.1.3 IBM Tivoli Storage Manager 6.4.1.7 IBM Tivoli Storage Manager 6.4.2.1 IBM Tivoli Storage Manager 6.4.2.2 IBM Tivoli Storage Manager 6.4.2.3 IBM Tivoli Storage Manager 6.4.2.4 IBM Tivoli Storage Manager 6.4.2.100 IBM Tivoli Storage Manager 6.4.2.200 IBM Tivoli Storage Manager 6.4.2.500 IBM Tivoli Storage Manager 6.4.2.600 IBM Tivoli Storage Manager 6.4.3 IBM Tivoli Storage Manager 6.4.3.1 IBM Tivoli Storage Manager 7.1 IBM Tivoli Storage Manager 7.1..5.100 IBM Tivoli Storage Manager 7.1.0.1 IBM Tivoli Storage Manager 7.1.0.2 IBM Tivoli Storage Manager 7.1.0.3 IBM Tivoli Storage Manager 7.1.1 IBM Tivoli Storage Manager 7.1.1.1 IBM Tivoli Storage Manager 7.1.1.2 IBM Tivoli Storage Manager 7.1.1.100 IBM Tivoli Storage Manager 7.1.1.200 IBM Tivoli Storage Manager 7.1.1.300 IBM Tivoli Storage Manager 7.1.3 IBM Tivoli Storage Manager 7.1.3.000 IBM Tivoli Storage Manager 7.1.3.1 IBM Tivoli Storage Manager 7.1.3.2 IBM Tivoli Storage Manager 7.1.3.100 IBM Tivoli Storage Manager 7.1.4 IBM Tivoli Storage Manager 7.1.4.1 IBM Tivoli Storage Manager 7.1.4.2 IBM Tivoli Storage Manager 7.1.5 IBM Tivoli Storage Manager 7.1.5.200 IBM Tivoli Storage Manager 7.1.6 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 7.1.0.0 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 4.1.0 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 4.1.1 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 4.1.2 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 4.1.3 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 6.3.1 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 6.3.2 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 6.4.1 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 7.1.0 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 7.1.1 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 7.1.2 IBM Tivoli Storage Manager FOR Virtual Environments Data Protection FOR Vmware 7.1.3	107
OS	Linux Linux Linux Kernel *	1
OS	Microsoft Microsoft Windows *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Nessus

NASL family	Misc.
NASL id	TIVOLI_STORAGE_MANAGER_CLIENT_7164.NASL
description	The version of IBM Spectrum Protect Client installed on the remote host is 7.1.x prior to 7.1.6.4. It is, therefore, affected by an information disclosure vulnerability due to the application exposing obfuscated VMware vCenter User ID and Password information during the VM backup process using the INCLUDE.VMTSMVSS option whenever application tracing is enabled with the VMTSMVSS flag. A local attacker can exploit this to disclose credential information. Note that IBM Spectrum Protect was formerly known as IBM Tivoli Storage Manager in releases prior to version 7.1.3.
last seen	2020-06-01
modified	2020-06-02
plugin id	96484
published	2017-01-13
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96484
title	IBM Spectrum Protect Client VM Backup INCLUDE.VMTSMVSS Option Credentials Disclosure
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(96484); script_version("1.6"); script_cvs_date("Date: 2019/11/13"); script_cve_id("CVE-2016-6110"); script_bugtraq_id(95306); script_name(english:"IBM Spectrum Protect Client VM Backup INCLUDE.VMTSMVSS Option Credentials Disclosure"); script_summary(english:"Checks the version of IBM Spectrum Protect Client."); script_set_attribute(attribute:"synopsis", value: "A client application installed on the remote host is affected by an information disclosure vulnerability."); script_set_attribute(attribute:"description", value: "The version of IBM Spectrum Protect Client installed on the remote host is 7.1.x prior to 7.1.6.4. It is, therefore, affected by an information disclosure vulnerability due to the application exposing obfuscated VMware vCenter User ID and Password information during the VM backup process using the INCLUDE.VMTSMVSS option whenever application tracing is enabled with the VMTSMVSS flag. A local attacker can exploit this to disclose credential information. Note that IBM Spectrum Protect was formerly known as IBM Tivoli Storage Manager in releases prior to version 7.1.3."); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21996198"); script_set_attribute(attribute:"solution", value: "Upgrade to IBM Spectrum Protect Client version 7.1.6.4 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6110"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/03"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/13"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_storage_manager_client"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("tivoli_storage_manager_client_installed.nasl", "tivoli_storage_manager_client_installed_linux.nbin"); script_require_keys("installed_sw/Tivoli Storage Manager Client", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); app = 'Tivoli Storage Manager Client'; install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE); version = install['version']; package = install['Package']; port = NULL; if (report_paranoia < 2) audit(AUDIT_PARANOID); fix = NULL; if (version =~ '^7\\.1\\.' && ver_compare(ver:version, fix:'7.1.6.4', minver:'7.1', strict:FALSE) == -1) fix = '7.1.6.4'; if (isnull(fix)) audit(AUDIT_INST_VER_NOT_VULN, app); if (get_kb_item("SMB/Registry/Enumerated") && empty_or_null(package)) package = "N/A"; if (get_kb_item("SMB/Registry/Enumerated")) port = 445; else port = 0; report = '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n Package : ' + package + '\n'; security_report_v4(severity:SECURITY_NOTE, port:port, extra:report);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References