Friday, July 29, 2016

IBM Security Bulletin: SQL Server Password Disclosure via IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server and IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (CVE-2016-3059)

When using IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server or IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server, the Microsoft SQL Server user ID and password are presented in plain text via the task completion status details available within the MMC GUI’s Task List view.

CVE(s): CVE-2016-3059

Affected product(s) and affected version(s):

The following levels of IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (IBM Spectrum Protect for Databases) are affected:

  • 6.4.0.0 through 6.4.1.8
  • 6.3.0.0 through 6.3.1.6

The following levels of IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (IBM Spectrum Protect Snapshot) are affected:

  • 3.2.0.0 through 3.2.1.8
  • 3.1.0.0 through 3.1.1.6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aj3jLQ
X-Force Database: http://ift.tt/2ajVUPL



from IBM Product Security Incident Response Team http://ift.tt/2aj2S46
