The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM TSM

threat note CVE-2016-5934

IBM Tivoli Storage Manager FastBack Demo: code execution via DLL

Synthesis of the vulnerability

An attacker can exploit a DLL-related vulnerability in IBM Tivoli Storage Manager FastBack Demo in order to run code.
Severity: 2/4.
Creation date: 09/02/2017.
Identifiers: 1988908, CVE-2016-5934, VIGILANCE-VUL-21792.

Description of the vulnerability

An attacker can exploit a DLL-related vulnerability in IBM Tivoli Storage Manager FastBack Demo in order to run code.

computer weakness CVE-2016-6043 CVE-2016-6044 CVE-2016-6045

IBM Tivoli Storage Manager Operations Center: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM Tivoli Storage Manager.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 02/02/2017.
Identifiers: 1995754, CVE-2016-6043, CVE-2016-6044, CVE-2016-6045, CVE-2016-6046, VIGILANCE-VUL-21753.

Description of the vulnerability

An attacker can use several vulnerabilities of IBM Tivoli Storage Manager Operations Center.

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-6043]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-6044]

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2016-6045]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-6046]

cybersecurity alert CVE-2016-6034

IBM Tivoli Storage Manager for Virtual Environments: information disclosure via Password Disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data through a password disclosure in IBM Tivoli Storage Manager for Virtual Environments, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 02/02/2017.
Identifiers: 1995544, CVE-2016-6034, VIGILANCE-VUL-21752.

Description of the vulnerability

An attacker can bypass access restrictions to data through a password disclosure in IBM Tivoli Storage Manager for Virtual Environments, in order to obtain sensitive information.

weakness announce CVE-2016-7055 CVE-2017-3730 CVE-2017-3731

OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 26/01/2017.
Identifiers: 1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpuapr2019, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10775, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can force a read at an invalid address via Truncated Packet, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-3731]

An attacker can force a NULL pointer to be dereferenced via DHE/ECDHE Parameters, in order to trigger a denial of service. [severity:2/4; CVE-2017-3730]

An attacker can use a carry propagation error via BN_mod_exp(), in order to compute the private key. [severity:1/4; CVE-2017-3732]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]

security vulnerability CVE-2016-2183 CVE-2016-5546 CVE-2016-5547

Oracle Java: vulnerabilities of January 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 18/01/2017.
Identifiers: 1998379, 1998858, 1999054, 1999999, 2000212, 2000304, 2000516, 2000544, 2000602, 2000988, 2000990, 2001608, 2002331, 2002335, 2002336, 2002479, 2002537, 2002966, 2002991, 2003145, 2004036, 2004938, 2007242, bulletinapr2017, CERTFR-2017-AVI-017, cpujan2017, CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289, DLA-802-1, DLA-821-1, DSA-2019-131, DSA-3782-1, ERPSCAN-17-006, ESA-2017-051, FEDORA-2017-4cb58f0bda, FEDORA-2017-c1252ccd41, ibm10718843, java_jan2017_advisory, NTAP-20170119-0001, openSUSE-SU-2017:0374-1, openSUSE-SU-2017:0513-1, RHSA-2017:0175-01, RHSA-2017:0176-01, RHSA-2017:0177-01, RHSA-2017:0180-01, RHSA-2017:0263-01, RHSA-2017:0269-01, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:0462-01, SB10186, SUSE-SU-2017:0346-1, SUSE-SU-2017:0460-1, SUSE-SU-2017:0490-1, SUSE-SU-2017:1444-1, USN-3179-1, USN-3194-1, USN-3198-1, VIGILANCE-VUL-21606, ZDI-17-056, ZDI-17-057.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3289, ZDI-17-057]

An attacker can use a vulnerability via Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3272, ZDI-17-056]

An attacker can use a vulnerability via RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3241]

An attacker can use a vulnerability via AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2017-3260]

An attacker can use a vulnerability via 2D, in order to trigger a denial of service. [severity:3/4; CVE-2017-3253]

An attacker can use a vulnerability via Libraries, in order to alter information. [severity:3/4; CVE-2016-5546]

An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:2/4; CVE-2016-5549]

An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:2/4; CVE-2016-5548]

An attacker can use a vulnerability via JAAS, in order to alter information. [severity:2/4; CVE-2017-3252]

An attacker can use a vulnerability via Java Mission Control, in order to obtain information. [severity:2/4; CVE-2017-3262]

An attacker can use a vulnerability via Libraries, in order to trigger a denial of service. [severity:2/4; CVE-2016-5547]

An attacker can use a vulnerability via Networking, in order to alter information. [severity:2/4; CVE-2016-5552]

An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2017-3231]

An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2017-3261]

An attacker can use a vulnerability via Deployment, in order to obtain information. [severity:1/4; CVE-2017-3259]

An attacker can use a vulnerability via Java Mission Control, in order to alter information. [severity:1/4; CVE-2016-8328]

An attacker can use a vulnerability via Libraries, in order to obtain information. [severity:1/4; CVE-2016-2183]

computer threat bulletin CVE-2016-6110

IBM Tivoli Storage Manager: credentials disclosure in the backup process

Synthesis of the vulnerability

A local attacker can get user credentials via IBM Tivoli Storage Manager by starting a backup, in order to escalate his privileges.
Severity: 3/4.
Creation date: 03/01/2017.
Identifiers: 1996198, CVE-2016-6110, VIGILANCE-VUL-21502.

Description of the vulnerability

The IBM Tivoli Storage Manager product offers a backup service.

However, when the INCLUDE.VMTSMVSS option is enabled, the backup client displays the obfuscated (neither encrypted nor plaintext) usernames and passwords of VMware vCenter users.

A local attacker can therefore get user credentials via IBM Tivoli Storage Manager by starting a backup, in order to escalate his privileges.

vulnerability announce CVE-2016-6033

IBM Tivoli Storage Manager: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of IBM Tivoli Storage Manager, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 16/12/2016.
Identifiers: 1995545, CVE-2016-6033, VIGILANCE-VUL-21406.

Description of the vulnerability

An attacker can trigger a Cross Site Request Forgery of IBM Tivoli Storage Manager, in order to force the victim to perform operations.

computer weakness CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]

vulnerability announce CVE-2016-5985

IBM Tivoli Storage Manager: buffer overflow via AIX Client Journal-Based Backup

Synthesis of the vulnerability

An attacker can generate a buffer overflow via AIX Client Journal-Based Backup of IBM Tivoli Storage Manager, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 14/11/2016.
Identifiers: 1993695, CVE-2016-5985, VIGILANCE-VUL-21098.

Description of the vulnerability

An attacker can generate a buffer overflow via AIX Client Journal-Based Backup of IBM Tivoli Storage Manager, in order to trigger a denial of service, and possibly to run code.

threat CVE-2016-0371

IBM Tivoli Storage Manager Client: information disclosure via Tracing

Synthesis of the vulnerability

An attacker can read the Tracing logs of IBM Tivoli Storage Manager Client, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 03/11/2016.
Identifiers: 1985114, CVE-2016-0371, VIGILANCE-VUL-21020.

Description of the vulnerability

The IBM Tivoli Storage Manager Client product can log its operations.

However, the password is also logged.

An attacker can therefore read the Tracing logs of IBM Tivoli Storage Manager Client, in order to obtain sensitive information.