IBM TSM for Virtual Environments 7.1.3.0 < 7.1.6.4 Windows Domain Credential Disclosure

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A backup application installed on the remote host is affected by a
credential disclosure vulnerability.

Description :

The IBM Tivoli Storage Manager (TSM) for Virtual Environments
installed on the remote host is a version later than 7.1.3.0 but prior
to 7.1.6.4. It is, therefore, affected by an unspecified flaw in the
vSphere GUI that allows an authenticated, remote attacker to disclose
Windows domain credentials.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21995544

Solution :

Upgrade to Tivoli Storage Manager for Virtual Environments version
7.1.6.4 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 97141 ()

Bugtraq ID:

CVE ID: CVE-2016-6034

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now