CVE-2015-4949
Published Aug 23, 2015
Last updated 7 years ago
Overview
- Description
- IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B29338F6-E909-4114-97F9-F71A648AF7AE"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:4.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "245C0CD0-B971-4449-89D3-796496DCF940"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "907E5E7D-27E2-43A0-89DD-BE9ACD8D662D"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C60F5DDA-A7A5-4595-9C39-0D36E8FD3489"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B3CB08F-D41F-4441-9078-2C9E68EC2EDD"
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64FDDDA0-3192-4288-A309-FA788C829382"
}
],
"operator": "OR"
}
]
}
]