Strix
26.1K

CVE-2015-7404

UnknownEPSS 0.40%

Last modified

CVE-2015-7404 is a vulnerability of currently unknown severity. IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.. EPSS estimates a 0.40% chance of exploitation in the next 30 days.

Description

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.

Metrics

EPSS Probability
0.40%

31.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server5.5
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server5.5.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server5.5.2
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server5.5.3
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server5.5.4
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server5.5.5
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server5.5.6
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.3
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.3.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.3.1.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.3.1.2
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.3.1.3
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.3.1.5
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4.0.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4.0.2
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4.1.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4.1.2
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4.1.3
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4.1.4
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server6.4.1.7
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server7.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server7.1.0.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server7.1.0.2
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server7.1.1.1
IbmTivoli Storage Manager For Databases Data Protection For Microsoft Sql Server7.1.2.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server5.5
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server5.5.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server6.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server6.1.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server6.1.2
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server6.1.3
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server6.3
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server6.3.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server6.4
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server6.4.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server7.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server7.1.0.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server7.1.0.2
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server7.1.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server7.1.2.0
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server7.1.2.1
IbmTivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server7.1.3.0
IbmTivoli Storage Flashcopy Manager2.1.0
IbmTivoli Storage Flashcopy Manager2.2.0
IbmTivoli Storage Flashcopy Manager2.2.1
IbmTivoli Storage Flashcopy Manager3.1.0
IbmTivoli Storage Flashcopy Manager3.1.1
IbmTivoli Storage Flashcopy Manager3.2.0

Showing 50 of 54 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-7404?
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.
How severe is CVE-2015-7404?
Severity scoring for CVE-2015-7404 is pending analysis. The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.
How do I fix CVE-2015-7404?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-7404?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST