CVE-2016-8940 | THREATINT

Assigner	ibm
Reserved	2016-10-25
Published	2017-03-07
Updated	2024-08-06

Description

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.

Product status

5.3.5.3

affected

5.4.1.2

affected

4.2

affected

4.2.1

affected

5.1.8

affected

5.2.5.1

affected

5.2.7

affected

5.2.8

affected

5.2.9

affected

5.3.0

affected

5.3.1

affected

5.3.2

affected

5.3.3

affected

5.4.4.0

affected

5.4.2.4

affected

5.4.2.3

affected

5.4.2.2

affected

5.3.6.9

affected

5.3.6.2

affected

5.3.6.1

affected

5.3.4

affected

5.2.5.3

affected

5.2.5.2

affected

5.2.4

affected

5.3.5.1

affected

5.3.2.4

affected

6.0

affected

5.1.0

affected

5.1.1

affected

5.1.10

affected

5.1.5

affected

5.1.6

affected

5.1.7

affected

5.1.9

affected

5.2.0

affected

5.2.1

affected

4.2.2

affected

4.2.3

affected

4.2.4

affected

5.2.2

affected

5.3

affected

5.2 Client

affected

5.4 Client

affected

5.5.7

affected

5.2.3.4 Client

affected

5.5.1.0

affected

5.5.1.6

affected

5.4

affected

5.5

affected

6.1

affected

6.2

affected

6.3

affected

6.4

affected

7.1

affected

References

http://www.ibm.com/support/docview.wss?uid=swg21998946

cve.org CVE-2016-8940

nvd.nist.gov CVE-2016-8940

Download JSON