CVE-2016-2894

CWE-200Information Exposure3 documents3 sources
Severity
2.5LOW
EPSS
0.1%
top 82.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Storage Manager
Timeline
PublishedJul 3
Latest updateMay 17

Description

IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages1 packages

NVDibm/tivoli_storage_manager66 versions+65

🔴Vulnerability Details

2
GHSA
GHSA-92m4-vvrf-4c9g: IBM Spectrum Protect (formerly Tivoli Storage Manager) 52022-05-17
CVEList
CVE-2016-2894: IBM Spectrum Protect (formerly Tivoli Storage Manager) 52016-07-03
CVE-2016-2894 (LOW CVSS 2.5) | IBM Spectrum Protect (formerly Tivo | cvebase.io