CVE-2016-5927

IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output.

Published: Sep 12, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-5927
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
ibm / tivoli_storage_manager_for_space_management	7.1.1	7.1.1.x
ibm / tivoli_storage_manager_for_space_management	7.1.2	7.1.2.x
ibm / tivoli_storage_manager_for_space_management	6.4.3	6.4.3.x
ibm / tivoli_storage_manager_for_space_management	6.4.1	6.4.1.x
ibm / tivoli_storage_manager_for_space_management	7.1.4	7.1.4.x
ibm / tivoli_storage_manager_for_space_management	6.4.0.0	6.4.0.0.x
ibm / tivoli_storage_manager_for_space_management	6.3.0	6.3.0.x
ibm / tivoli_storage_manager_for_space_management	6.4.0	6.4.0.x
ibm / tivoli_storage_manager_for_space_management	7.1.3	7.1.3.x
ibm / tivoli_storage_manager_for_space_management	6.3.2	6.3.2.x
ibm / tivoli_storage_manager_for_space_management	7.1.0	7.1.0.x
ibm / tivoli_storage_manager_for_space_management	6.4.2	6.4.2.x

Vulnerability Database

CVE-2016-5927