CVE-2016-6043

moderate-risk

Published 2017-02-01

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.

Do I need to act?

-

0.05% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (19)

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Tivoli Storage Manager

Affected Vendors

Ibm

References (4)

Patch http://www.ibm.com/support/docview.wss?uid=swg21995754

Technical Description http://www.securityfocus.com/bid/95090

Patch http://www.ibm.com/support/docview.wss?uid=swg21995754

Technical Description http://www.securityfocus.com/bid/95090

37

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 19/34 · Moderate