CVE-2016-5918

low-risk
Published 2017-02-08

IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10 Medium
LOCAL / HIGH complexity

Affected Products (3)

Tivoli Storage Manager For Space Management
Tivoli Storage Manager For Space Management
Tivoli Storage Manager For Space Management

Affected Vendors

Ibm

References (4)

Patch http://www.ibm.com/support/docview.wss?uid=swg21988728
Third Party Advisory http://www.securityfocus.com/bid/92534
Patch http://www.ibm.com/support/docview.wss?uid=swg21988728
Third Party Advisory http://www.securityfocus.com/bid/92534
21
/ 100
low-risk
Severity 12/34 · Low
Exploitability 0/34 · Minimal
Exposure 9/34 · Low