← Back

CVE-2016-3059

nvd nist
Published: Aug 8, 2016Modified: May 6, 2026

JSON object

Loading...
6.2
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.5 / Impact: 3.6
Source: NVD

Description

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.

Affected (4)

Ibm
2 products
Tivoli Storage Flashcopy Manager For Sql Server
Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Tivoli Storage Flashcopy Manager For Sql Server
From 3.1.0.0 to 3.1.1.6
Tivoli Storage Flashcopy Manager For Sql Server
From 3.2.0.0 to 3.2.1.8
Ibm
Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server
From 6.3.0.0 to 6.3.1.8
Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server
From 6.4.0.0 to 6.4.1.8

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: psirt@us.ibm.com
MitigationPatchVendor Advisory
Source: psirt@us.ibm.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.