mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
374 lines
18 KiB
JSON
374 lines
18 KiB
JSON
{
|
|
"id": "CVE-2015-7404",
|
|
"sourceIdentifier": "psirt@us.ibm.com",
|
|
"published": "2015-11-14T03:59:05.350",
|
|
"lastModified": "2015-11-19T17:44:28.810",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (tambi\u00e9n conocido como Spectrum Protect for Databases) 5.5 en versiones anteriores a 5.5.6.2, 6.3 en versiones anteriores a 6.3.1.6, 6.4 en versiones anteriores a 6.4.1.8 y 7.1 en versiones anteriores a 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (tambi\u00e9n conocido como Spectrum Protect for Mail) 5.5 en versiones anteriores a 5.5.1.1, 6.1 y 6.3 en versiones anteriores a 6.3.1.6, 6.4 en versiones anteriores a 6.4.1.8 y 7.1 en versiones anteriores a 7.1.4; y Tivoli Storage FlashCopy Manager for Windows (tambi\u00e9n conocido como Spectrum Protect Snapshot) 2.x y 3.1 en versiones anteriores a 3.1.1.6, 3.2 en versiones anteriores a 3.2.1.8 y 4.1 en versiones anteriores a 4.1.4, cuando se configura el trazado de aplicaci\u00f3n, escribir contrase\u00f1as en texto plano durante la ejecuci\u00f3n del comando changetsmpassword, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de la traza de salida de la aplicaci\u00f3n."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 1.9
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 3.4,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "525876F0-6E63-4AF3-BA34-D6B7D89131AF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "84BAD8C8-87A4-41FA-B480-072363472BBA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1E21B096-464F-4777-9CDD-AD2BB1850C09"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E1D75A51-F385-4EB3-B4F7-AF133F8A2E5A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AAEF9535-ED13-45CF-8CB7-86096E2A0050"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1FE9E7E8-E64F-4053-811F-F080ADDA8DAC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3C3807F5-F2E0-44B1-AFD6-8752FD578E07"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3216366D-1432-4665-92B8-ABA583B0EB1E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "130BD434-03FC-4341-83A4-2772CA9C3880"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EDF658D2-CCD2-496A-8D2B-8DF14D9BD9CD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4910CD37-D630-48BD-AB90-C71999324560"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4ECE394F-6310-49DF-BBEF-91D7879FEC62"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AB5CED7C-B390-439E-AC0B-C2F6A123AACE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2FFEEDFF-FEB6-4450-AEC0-AB6B8AB2D959"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7C8650C1-8B7D-481D-B82C-1596A935C17E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A8212624-3CAD-4D1D-BAEF-E1868E0B01A2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3A9B5EB6-8448-4D99-846B-F2F27EC5C64E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8E97574F-F1FF-431F-BD0C-8365FBC05740"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "303EF8F9-6ECA-401A-B9F0-8B98BF0704A8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "234A770F-89E1-4C5E-87C0-7E1FCDFCA255"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "814C4DE2-FAE3-4FED-901C-5689A3879CA1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3E85C85F-6C5B-454B-9355-7C38492D3395"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "907E5E7D-27E2-43A0-89DD-BE9ACD8D662D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AA7D6C61-BED1-4936-B68C-1E4A474F4291"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B29282CB-2E48-4FD0-BACE-8D91910AF5D8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "205F0FBF-DFA1-4EFC-BFF4-1226B0099965"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6FEFED7E-FC3F-41D3-B069-9E8EF655222C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BCF14229-0D33-4A68-BA72-8F9CB728C1F4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F40EE915-80D1-429B-A35E-0F415E96ADB3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "44FC12F3-39C7-49FD-BB60-7C21607C77DB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "881ACFC0-4354-448A-A9BB-2F5BB72358C3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EC6978D5-4AF1-48D6-A7D5-E0158F4C8DE3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "24E7AD18-232C-4996-931F-72545CB38B3A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B5124F05-4C0E-422A-8CB3-E93826767ACF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "144ED09E-DE01-450C-84DF-DEFE9E6EE48B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C1B8D631-0EBE-47AB-AACA-9A0BA1077C1D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D76E0E49-1486-4518-BD46-826786BAA937"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9B3CB08F-D41F-4441-9078-2C9E68EC2EDD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "56242F1E-18FA-4F9B-8354-727B43F32EEE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0D703577-A7CC-42D4-8EA0-582B3E395BC8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8DAC6E47-07B3-430C-B7E9-7E185685DD88"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "722D8BD5-552B-49CE-B9FA-304368FDC6A0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12C8EB63-1C2C-4979-875D-751B66E22EE5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0AE59BC0-DFD4-4AC5-AEF1-85AFCBD8F7B9"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EF7CEF5D-DCDE-4913-92AF-9A03B987A0B4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "976E33EB-240B-4A0C-B71A-F5DB3F5230FC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4065B385-6CCF-4227-8412-9C4E6FF08EE8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2BC01D70-F51D-4F55-A829-DFE0104AEF79"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BD889452-6341-450B-9DF2-261B66A2ABB0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5B5B7107-61B4-4B55-A138-7648D35497D5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "61D1CD20-0895-406E-904A-AC160C288943"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EC1CB0C1-BDEF-497F-85AF-2E0C9585E25E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:6.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "06510033-B069-4135-AC6F-79464B69E807"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349",
|
|
"source": "psirt@us.ibm.com"
|
|
},
|
|
{
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514",
|
|
"source": "psirt@us.ibm.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |