IBM TSM for Virtual Environments 7.1.3.0 < 7.1.6.4 Windows Domain Credential Disclosure

medium Nessus Plugin ID 97141

Synopsis

A backup application installed on the remote host is affected by a credential disclosure vulnerability.

Description

The IBM Tivoli Storage Manager (TSM) for Virtual Environments installed on the remote host is a version later than 7.1.3.0 but prior to 7.1.6.4. It is, therefore, affected by an unspecified flaw in the vSphere GUI that allows an authenticated, remote attacker to disclose Windows domain credentials.

Solution

Upgrade to Tivoli Storage Manager for Virtual Environments version 7.1.6.4 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21995544

Plugin Details

Severity: Medium

ID: 97141

File Name: tivoli_storage_manager_virtual_environments_vmware_CVE-2016-6034.nasl

Version: 1.5

Type: local

Family: Misc.

Published: 2/14/2017

Updated: 1/4/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2016-6034

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_for_virtual_environments, cpe:/a:ibm:spectrum_protect_for_virtual_environments, cpe:/a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware

Required KB Items: installed_sw/Tivoli Storage Manager for Virtual Environments

Exploit Ease: No known exploits are available

Patch Publication Date: 12/12/2016

Vulnerability Publication Date: 12/12/2016

Reference Information

CVE: CVE-2016-6034