CVE-2016-5918 — Sensitive Information Exposure in IBM Tivoli Storage Manager FOR Space Management

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 82.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager FOR Space Management IBM Corporation Tivoli Storage Manager HSM FOR Windows

Timeline

PublishedFeb 8

Latest updateMay 17

Description

IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm_corporation/tivoli_storage_manager_hsm_for_windows9 versions+8

▶NVDibm/tivoli_storage_manager7.1.4.1+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5g9p-5gfh-ghcw: IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access o↗2022-05-17

▶

CVEList

CVE-2016-5918: IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access o↗2017-02-08

▶