Vulnerability Details : CVE-2016-3059
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.
Vulnerability category: Information leak
Products affected by CVE-2016-3059
- IBM » Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server. Versions >= 6.4.0.0 and <= 6.4.1.8. CPE: cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:*:*:*:*:*:*:*:*
- IBM » Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server. Versions >= 6.3.0.0 and <= 6.3.1.8. CPE: cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:*:*:*:*:*:*:*:*
- IBM » Tivoli Storage Flashcopy Manager For Sql Server. Versions >= 3.1.0.0 and <= 3.1.1.6. CPE: cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_sql_server:*:*:*:*:*:*:*:*
- IBM » Tivoli Storage Flashcopy Manager For Sql Server. Versions >= 3.2.0.0 and <= 3.2.1.8. CPE: cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_sql_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3059
- 0.05%: Probability of exploitation activity in the next 30 days
- ~ 18 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3059
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
6.2 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.5 | 3.6 | NIST | |
CWE ids for CVE-2016-3059
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3059
- http://www.securitytracker.com/id/1036488
  IBM Tivoli Storage Manager for Databases Lets Local Users View the Microsoft SQL Server Password - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www-01.ibm.com/support/docview.wss?uid=swg21987333
  IBM Security Bulletin: SQL Server Password Disclosure via IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server and IBM Tivoli Storage FlashCopy Manager for Microsoft SQL (Mitigation; Patch; Vendor Advisory)