{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-11-14T03:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"}, {"name": "IT11349", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7404", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"}, {"name": "IT11349", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:27.455Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"}, {"name": "IT11349", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7404", "datePublished": "2015-11-14T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "525876F0-6E63-4AF3-BA34-D6B7D89131AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "84BAD8C8-87A4-41FA-B480-072363472BBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E21B096-464F-4777-9CDD-AD2BB1850C09", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D75A51-F385-4EB3-B4F7-AF133F8A2E5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "AAEF9535-ED13-45CF-8CB7-86096E2A0050", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "1FE9E7E8-E64F-4053-811F-F080ADDA8DAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:5.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C3807F5-F2E0-44B1-AFD6-8752FD578E07", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3216366D-1432-4665-92B8-ABA583B0EB1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "130BD434-03FC-4341-83A4-2772CA9C3880", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDF658D2-CCD2-496A-8D2B-8DF14D9BD9CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4910CD37-D630-48BD-AB90-C71999324560", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4ECE394F-6310-49DF-BBEF-91D7879FEC62", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AB5CED7C-B390-439E-AC0B-C2F6A123AACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FFEEDFF-FEB6-4450-AEC0-AB6B8AB2D959", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C8650C1-8B7D-481D-B82C-1596A935C17E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A8212624-3CAD-4D1D-BAEF-E1868E0B01A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A9B5EB6-8448-4D99-846B-F2F27EC5C64E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E97574F-F1FF-431F-BD0C-8365FBC05740", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "303EF8F9-6ECA-401A-B9F0-8B98BF0704A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "234A770F-89E1-4C5E-87C0-7E1FCDFCA255", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "814C4DE2-FAE3-4FED-901C-5689A3879CA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:6.4.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "3E85C85F-6C5B-454B-9355-7C38492D3395", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "907E5E7D-27E2-43A0-89DD-BE9ACD8D662D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA7D6C61-BED1-4936-B68C-1E4A474F4291", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B29282CB-2E48-4FD0-BACE-8D91910AF5D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "205F0FBF-DFA1-4EFC-BFF4-1226B0099965", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FEFED7E-FC3F-41D3-B069-9E8EF655222C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "BCF14229-0D33-4A68-BA72-8F9CB728C1F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F40EE915-80D1-429B-A35E-0F415E96ADB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FC12F3-39C7-49FD-BB60-7C21607C77DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "881ACFC0-4354-448A-A9BB-2F5BB72358C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC6978D5-4AF1-48D6-A7D5-E0158F4C8DE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "24E7AD18-232C-4996-931F-72545CB38B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "B5124F05-4C0E-422A-8CB3-E93826767ACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "144ED09E-DE01-450C-84DF-DEFE9E6EE48B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8D631-0EBE-47AB-AACA-9A0BA1077C1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D76E0E49-1486-4518-BD46-826786BAA937", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B3CB08F-D41F-4441-9078-2C9E68EC2EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "56242F1E-18FA-4F9B-8354-727B43F32EEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D703577-A7CC-42D4-8EA0-582B3E395BC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DAC6E47-07B3-430C-B7E9-7E185685DD88", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "722D8BD5-552B-49CE-B9FA-304368FDC6A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "12C8EB63-1C2C-4979-875D-751B66E22EE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AE59BC0-DFD4-4AC5-AEF1-85AFCBD8F7B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF7CEF5D-DCDE-4913-92AF-9A03B987A0B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "976E33EB-240B-4A0C-B71A-F5DB3F5230FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4065B385-6CCF-4227-8412-9C4E6FF08EE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BC01D70-F51D-4F55-A829-DFE0104AEF79", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD889452-6341-450B-9DF2-261B66A2ABB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B5B7107-61B4-4B55-A138-7648D35497D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "61D1CD20-0895-406E-904A-AC160C288943", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC1CB0C1-BDEF-497F-85AF-2E0C9585E25E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "06510033-B069-4135-AC6F-79464B69E807", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output."}, {"lang": "es", "value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (tambi\u00e9n conocido como Spectrum Protect for Databases) 5.5 en versiones anteriores a 5.5.6.2, 6.3 en versiones anteriores a 6.3.1.6, 6.4 en versiones anteriores a 6.4.1.8 y 7.1 en versiones anteriores a 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (tambi\u00e9n conocido como Spectrum Protect for Mail) 5.5 en versiones anteriores a 5.5.1.1, 6.1 y 6.3 en versiones anteriores a 6.3.1.6, 6.4 en versiones anteriores a 6.4.1.8 y 7.1 en versiones anteriores a 7.1.4; y Tivoli Storage FlashCopy Manager for Windows (tambi\u00e9n conocido como Spectrum Protect Snapshot) 2.x y 3.1 en versiones anteriores a 3.1.1.6, 3.2 en versiones anteriores a 3.2.1.8 y 4.1 en versiones anteriores a 4.1.4, cuando se configura el trazado de aplicaci\u00f3n, escribir contrase\u00f1as en texto plano durante la ejecuci\u00f3n del comando changetsmpassword, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de la traza de salida de la aplicaci\u00f3n."}], "id": "CVE-2015-7404", "lastModified": "2015-11-19T17:44:28.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-14T03:59:05.350", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969514"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}