IBM Spectrum Protect Client Windows Registry Credentials Disclosure

Low Nessus Plugin ID 100718


A client application installed on the remote host is affected by an information disclosure vulnerability.


The version of IBM Spectrum Protect Client installed on the remote Windows host is affected by an information disclosure vulnerability due to insecure permission for registry keys under the 'HKLM\Software\IBM\ADSM\CurrentVersion\Nodes\' key. A local attacker can exploit this vulnerability to disclose credentials.

IBM Spectrum Protect was formerly known as IBM Tivoli Storage Manager in releases prior to version 7.1.3.


Refer to the vendor advisory for instructions on remediation.

See Also

Plugin Details

Severity: Low

ID: 100718

File Name: ibm_spectrum_protect_client_swg22003738.nasl

Version: $Revision: 1.2 $

Type: local

Family: Misc.

Published: 2017/06/09

Modified: 2017/08/15

Dependencies: 64567, 100719, 86326

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 2

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


Base Score: 5.5

Temporal Score: 5.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_client, x-cpe:/a:ibm:spectrum_protect_client

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2017/05/31

Reference Information

CVE: CVE-2016-8939

BID: 98783

OSVDB: 158445

IAVB: 2017-B-0065