CVE Vulnerabilities

CVE-2017-1378

Insufficiently Protected Credentials

Published: Oct 05, 2017 | Modified: Oct 03, 2019
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Tivoli_storage_manager Ibm 6.3.6.100 6.3.6.100
Tivoli_storage_manager Ibm 6.4.2 6.4.2
Tivoli_storage_manager Ibm 7.1.0.1 7.1.0.1
Tivoli_storage_manager Ibm 7.1.5 7.1.5
Tivoli_storage_manager Ibm 6.4.2.100 6.4.2.100
Tivoli_storage_manager Ibm 6.3 6.3
Tivoli_storage_manager Ibm 6.1 6.1
Tivoli_storage_manager Ibm 6.1.5.5 6.1.5.5
Tivoli_storage_manager Ibm 6.3.5.1 6.3.5.1
Tivoli_storage_manager Ibm 7.1.0.2 7.1.0.2
Tivoli_storage_manager Ibm 6.1.5.6 6.1.5.6
Tivoli_storage_manager Ibm 6.4.2.500 6.4.2.500
Tivoli_storage_manager Ibm 6.4.3.1 6.4.3.1
Tivoli_storage_manager Ibm 6.1.3 6.1.3
Tivoli_storage_manager Ibm 7.1.3.1 7.1.3.1
Tivoli_storage_manager Ibm 6.4.3 6.4.3
Tivoli_storage_manager Ibm 7.1.4 7.1.4
Tivoli_storage_manager Ibm 6.1.5.4 6.1.5.4
Tivoli_storage_manager Ibm 6.3.1 6.3.1
Tivoli_storage_manager Ibm 6.3.0.15 6.3.0.15
Tivoli_storage_manager Ibm 6.3.1.2 6.3.1.2
Tivoli_storage_manager Ibm 6.3.5 6.3.5
Tivoli_storage_manager Ibm 7.1.4.2 7.1.4.2
Tivoli_storage_manager Ibm 7.1.0.3 7.1.0.3
Tivoli_storage_manager Ibm 6.3.0.17 6.3.0.17
Tivoli_storage_manager Ibm 7.1.1.1 7.1.1.1
Tivoli_storage_manager Ibm 8.1.0 8.1.0
Tivoli_storage_manager Ibm 6.1.4 6.1.4
Tivoli_storage_manager Ibm 6.4.2.600 6.4.2.600
Tivoli_storage_manager Ibm 6.2.3 6.2.3
Tivoli_storage_manager Ibm 7.1.3.000 7.1.3.000
Tivoli_storage_manager Ibm 6.3.6 6.3.6
Tivoli_storage_manager Ibm 7.1.1.200 7.1.1.200
Tivoli_storage_manager Ibm 6.3.3 6.3.3
Tivoli_storage_manager Ibm 6.3.0.5 6.3.0.5
Tivoli_storage_manager Ibm 7.1.1 7.1.1
Tivoli_storage_manager Ibm 7.1..5.100 7.1..5.100
Tivoli_storage_manager Ibm 7.1.3.2 7.1.3.2
Tivoli_storage_manager Ibm 6.1.2 6.1.2
Tivoli_storage_manager Ibm 6.3.4 6.3.4
Tivoli_storage_manager Ibm 6.1.1 6.1.1
Tivoli_storage_manager Ibm 6.4.2.200 6.4.2.200
Tivoli_storage_manager Ibm 6.3.2.2 6.3.2.2
Tivoli_storage_manager Ibm 6.2.0 6.2.0
Tivoli_storage_manager Ibm 7.1.4.1 7.1.4.1
Tivoli_storage_manager Ibm 6.2.2 6.2.2
Tivoli_storage_manager Ibm 7.1.1.100 7.1.1.100
Tivoli_storage_manager Ibm 6.1.5 6.1.5
Tivoli_storage_manager Ibm 7.1.3 7.1.3
Tivoli_storage_manager Ibm 6.1.0 6.1.0
Tivoli_storage_manager Ibm 7.1.1.300 7.1.1.300
Tivoli_storage_manager Ibm 6.2.4 6.2.4
Tivoli_storage_manager Ibm 7.1.5.200 7.1.5.200
Tivoli_storage_manager Ibm 6.4.1.0 6.4.1.0
Tivoli_storage_manager Ibm 7.1.1.2 7.1.1.2
Tivoli_storage_manager Ibm 7.1.6 7.1.6
Tivoli_storage_manager Ibm 6.2.1 6.2.1
Tivoli_storage_manager Ibm 7.1.3.100 7.1.3.100
Tivoli_storage_manager Ibm 7.1 7.1
Tivoli_storage_manager Ibm 6.4.1 6.4.1
Tivoli_storage_manager Ibm 8.1.0.2 8.1.0.2
Tivoli_storage_manager Ibm 7.1.6.5 7.1.6.5

Potential Mitigations

References