Vulnerabilities > IBM > Tivoli Storage Manager > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-26 | CVE-2018-1550 | Improper Privilege Management vulnerability in IBM products IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. | 2.1 |
| 2017-10-05 | CVE-2017-1301 | Link Following vulnerability in IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. | 3.6 |
| 2017-10-05 | CVE-2017-1339 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. | 2.1 |
| 2017-10-05 | CVE-2017-1378 | Insufficiently Protected Credentials vulnerability in IBM Tivoli Storage Manager IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. | 2.1 |
| 2017-06-07 | CVE-2016-8939 | Information Exposure vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. | 2.1 |
| 2017-05-05 | CVE-2016-8916 | Information Exposure vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. | 2.1 |
| 2017-02-01 | CVE-2016-6110 | Credentials Management vulnerability in IBM products IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | 2.1 |
| 2017-02-01 | CVE-2016-6046 | Cross-site Scripting vulnerability in IBM Tivoli Storage Manager IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. | 3.5 |
| 2016-07-03 | CVE-2016-2894 | Information Exposure vulnerability in IBM Tivoli Storage Manager IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions. | 2.1 |
| 2016-02-15 | CVE-2015-7408 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority. | 2.6 |