CVE-2016-8940

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
ibmtivoli_storage_manager
6.1
ibmtivoli_storage_manager
6.1.0
ibmtivoli_storage_manager
6.1.1
ibmtivoli_storage_manager
6.1.2
ibmtivoli_storage_manager
6.1.3
ibmtivoli_storage_manager
6.1.4
ibmtivoli_storage_manager
6.1.5
ibmtivoli_storage_manager
6.1.5.4
ibmtivoli_storage_manager
6.1.5.5
ibmtivoli_storage_manager
6.1.5.6
ibmtivoli_storage_manager
6.2.0
ibmtivoli_storage_manager
6.2.1
ibmtivoli_storage_manager
6.2.2
ibmtivoli_storage_manager
6.2.3
ibmtivoli_storage_manager
6.2.4
ibmtivoli_storage_manager
6.3
ibmtivoli_storage_manager
6.3.0.5
ibmtivoli_storage_manager
6.3.0.15
ibmtivoli_storage_manager
6.3.0.17
ibmtivoli_storage_manager
6.3.1
ibmtivoli_storage_manager
6.3.1.2
ibmtivoli_storage_manager
6.3.2.2
ibmtivoli_storage_manager
6.3.3
ibmtivoli_storage_manager
6.3.4
ibmtivoli_storage_manager
6.3.5
ibmtivoli_storage_manager
6.3.5.1
ibmtivoli_storage_manager
6.3.6
ibmtivoli_storage_manager
7.1
ibmtivoli_storage_manager
7.1..5.100
ibmtivoli_storage_manager
7.1.0.1
ibmtivoli_storage_manager
7.1.0.2
ibmtivoli_storage_manager
7.1.0.3
ibmtivoli_storage_manager
7.1.1
ibmtivoli_storage_manager
7.1.1.1
ibmtivoli_storage_manager
7.1.1.2
ibmtivoli_storage_manager
7.1.1.100
ibmtivoli_storage_manager
7.1.1.200
ibmtivoli_storage_manager
7.1.1.300
ibmtivoli_storage_manager
7.1.3
ibmtivoli_storage_manager
7.1.3.000
ibmtivoli_storage_manager
7.1.3.1
ibmtivoli_storage_manager
7.1.3.2
ibmtivoli_storage_manager
7.1.3.100
ibmtivoli_storage_manager
7.1.4
ibmtivoli_storage_manager
7.1.4.1
ibmtivoli_storage_manager
7.1.4.2
ibmtivoli_storage_manager
7.1.5
ibmtivoli_storage_manager
7.1.5.200
ibmtivoli_storage_manager
7.1.6
ibmtivoli_storage_manager
7.1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg21998946
http://www.ibm.com/support/docview.wss?uid=swg21998946