CVE-2015-4949 - OpenCVE

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Tivoli Storage Flashcopy Manager Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server

Configuration 1 [-]

OR	cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.2:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480
http://www-01.ibm.com/support/docview.wss?uid=swg21963630
http://www.securitytracker.com/id/1033270

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2015-08-23T01:00:00

Updated: 2024-08-06T06:32:31.753Z

Reserved: 2015-06-24T00:00:00

Link: CVE-2015-4949

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-08-23T01:59:02.753

Modified: 2017-09-21T01:29:10.320

Link: CVE-2015-4949

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-18T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-20T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IT03480", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"}, {"name": "1033270", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033270"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-4949", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IT03480", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"}, {"name": "1033270", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033270"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:31.753Z"}, "title": "CVE Program Container", "references": [{"name": "IT03480", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"}, {"name": "1033270", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033270"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-4949", "datePublished": "2015-08-23T01:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.753Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "245C0CD0-B971-4449-89D3-796496DCF940", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "907E5E7D-27E2-43A0-89DD-BE9ACD8D662D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C60F5DDA-A7A5-4595-9C39-0D36E8FD3489", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B3CB08F-D41F-4441-9078-2C9E68EC2EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "64FDDDA0-3192-4288-A309-FA788C829382", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557."}, {"lang": "es", "value": "Vulnerabilidad en IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server en 7.1 en versiones anteriores a 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server en 7.1 en versiones anteriores a 7.1.2 y en Tivoli Storage FlashCopy Manager en 4.1 en versiones anteriores a 4.1.2, coloca las contrase\u00f1as en texto plano en mensajes de excepci\u00f3n, permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible mediante la lectura de las ventanas emergentes GUI, una vulnerabilidad diferente a CVE-2015-6557."}], "id": "CVE-2015-4949", "lastModified": "2017-09-21T01:29:10.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-23T01:59:02.753", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1033270"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}