CVE-2015-6557

EUVD-2015-6496
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
ibmtivoli_storage_flashcopy_manager
3.1.0
ibmtivoli_storage_flashcopy_manager
3.1.1
ibmtivoli_storage_flashcopy_manager
3.2.0
ibmtivoli_storage_flashcopy_manager
3.2.1
ibmtivoli_storage_flashcopy_manager
4.1.0
ibmtivoli_storage_flashcopy_manager
4.1.1
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.1
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.2
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.3
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.4
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.5
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
5.5.6
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
6.3
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
6.3.1
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
6.4
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
6.4.1
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
7.1
ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server
7.1.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
5.5
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
5.5.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.1.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.1.2
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.1.3
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.3
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.3.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.4
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.4.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
7.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
7.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480
http://www-01.ibm.com/support/docview.wss?uid=swg21963630
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480
http://www-01.ibm.com/support/docview.wss?uid=swg21963630