CVE-2016-8937

Опубликовано: 05 окт. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22007935
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/118750
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22007935
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/118750
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.200:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1.100:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00232

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-m96f-f8pc-696h