Vulnerabilities > IBM > Tivoli Storage Manager

DATE CVE VULNERABILITY TITLE RISK
2017-02-24 CVE-2016-8998 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server.
network
low complexity
ibm CWE-119
7.2
2017-02-01 CVE-2016-6110 Credentials Management vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
local
low complexity
ibm CWE-255
6.5
2017-02-01 CVE-2016-0371 Unspecified vulnerability in IBM Tivoli Storage Manager
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
local
low complexity
ibm
5.5
2017-02-01 CVE-2016-6046 Cross-site Scripting vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6045 Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-02-01 CVE-2016-6044 Improper Access Control vulnerability in IBM Tivoli Storage Manager
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.
network
low complexity
ibm CWE-284
4.3
2017-02-01 CVE-2016-6043 Session Fixation vulnerability in IBM Tivoli Storage Manager
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.
local
high complexity
ibm CWE-384
7.0
2017-02-01 CVE-2016-5985 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled.
local
low complexity
ibm CWE-119
7.8
2016-07-03 CVE-2016-2894 Information Exposure vulnerability in IBM Tivoli Storage Manager
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.
local
high complexity
ibm CWE-200
2.5
2016-02-15 CVE-2015-7408 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
network
high complexity
ibm CWE-264
3.7