CVE-2015-4949

Опубликовано: 23 авг. 2015

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21963630
Patch
Vendor Advisory
http://www.securitytracker.com/id/1033270
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21963630
Patch
Vendor Advisory
http://www.securitytracker.com/id/1033270

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00061

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-83v9-f9px-r53f

github

больше 3 лет назад