CVE-2016-8940

Summary

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationTivoli Storage Manager5.3.5.3affected
IBM CorporationTivoli Storage Manager5.4.1.2affected
IBM CorporationTivoli Storage Manager4.2affected
IBM CorporationTivoli Storage Manager4.2.1affected
IBM CorporationTivoli Storage Manager5.1.8affected
IBM CorporationTivoli Storage Manager5.2.5.1affected
IBM CorporationTivoli Storage Manager5.2.7affected
IBM CorporationTivoli Storage Manager5.2.8affected
IBM CorporationTivoli Storage Manager5.2.9affected
IBM CorporationTivoli Storage Manager5.3.0affected
IBM CorporationTivoli Storage Manager5.3.1affected
IBM CorporationTivoli Storage Manager5.3.2affected
IBM CorporationTivoli Storage Manager5.3.3affected
IBM CorporationTivoli Storage Manager5.4.4.0affected
IBM CorporationTivoli Storage Manager5.4.2.4affected
IBM CorporationTivoli Storage Manager5.4.2.3affected
IBM CorporationTivoli Storage Manager5.4.2.2affected
IBM CorporationTivoli Storage Manager5.3.6.9affected
IBM CorporationTivoli Storage Manager5.3.6.2affected
IBM CorporationTivoli Storage Manager5.3.6.1affected
IBM CorporationTivoli Storage Manager5.3.4affected
IBM CorporationTivoli Storage Manager5.2.5.3affected
IBM CorporationTivoli Storage Manager5.2.5.2affected
IBM CorporationTivoli Storage Manager5.2.4affected
IBM CorporationTivoli Storage Manager5.3.5.1affected
IBM CorporationTivoli Storage Manager5.3.2.4affected
IBM CorporationTivoli Storage Manager6.0affected
IBM CorporationTivoli Storage Manager5.1.0affected
IBM CorporationTivoli Storage Manager5.1.1affected
IBM CorporationTivoli Storage Manager5.1.10affected
IBM CorporationTivoli Storage Manager5.1.5affected
IBM CorporationTivoli Storage Manager5.1.6affected
IBM CorporationTivoli Storage Manager5.1.7affected
IBM CorporationTivoli Storage Manager5.1.9affected
IBM CorporationTivoli Storage Manager5.2.0affected
IBM CorporationTivoli Storage Manager5.2.1affected
IBM CorporationTivoli Storage Manager4.2.2affected
IBM CorporationTivoli Storage Manager4.2.3affected
IBM CorporationTivoli Storage Manager4.2.4affected
IBM CorporationTivoli Storage Manager5.2.2affected
IBM CorporationTivoli Storage Manager5.3affected
IBM CorporationTivoli Storage Manager5.2 Clientaffected
IBM CorporationTivoli Storage Manager5.4 Clientaffected
IBM CorporationTivoli Storage Manager5.5.7affected
IBM CorporationTivoli Storage Manager5.2.3.4 Clientaffected
IBM CorporationTivoli Storage Manager5.5.1.0affected
IBM CorporationTivoli Storage Manager5.5.1.6affected
IBM CorporationTivoli Storage Manager5.4affected
IBM CorporationTivoli Storage Manager5.5affected
IBM CorporationTivoli Storage Manager6.1affected
IBM CorporationTivoli Storage Manager6.2affected
IBM CorporationTivoli Storage Manager6.3affected
IBM CorporationTivoli Storage Manager6.4affected
IBM CorporationTivoli Storage Manager7.1affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References