9.8

CVE-2016-8937

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.

Data is provided by the National Vulnerability Database (NVD)
IbmTivoli Storage Manager Version6.1
IbmTivoli Storage Manager Version6.1.0
IbmTivoli Storage Manager Version6.1.1
IbmTivoli Storage Manager Version6.1.2
IbmTivoli Storage Manager Version6.1.3
IbmTivoli Storage Manager Version6.1.4
IbmTivoli Storage Manager Version6.1.5
IbmTivoli Storage Manager Version6.1.5.4
IbmTivoli Storage Manager Version6.1.5.5
IbmTivoli Storage Manager Version6.1.5.6
IbmTivoli Storage Manager Version6.2.0
IbmTivoli Storage Manager Version6.2.1
IbmTivoli Storage Manager Version6.2.2
IbmTivoli Storage Manager Version6.2.3
IbmTivoli Storage Manager Version6.2.4
IbmTivoli Storage Manager Version6.3
IbmTivoli Storage Manager Version6.3.0.5
IbmTivoli Storage Manager Version6.3.0.15
IbmTivoli Storage Manager Version6.3.0.17
IbmTivoli Storage Manager Version6.3.1
IbmTivoli Storage Manager Version6.3.1.2
IbmTivoli Storage Manager Version6.3.2.2
IbmTivoli Storage Manager Version6.3.3
IbmTivoli Storage Manager Version6.3.4
IbmTivoli Storage Manager Version6.3.5
IbmTivoli Storage Manager Version6.3.5.1
IbmTivoli Storage Manager Version6.3.6
IbmTivoli Storage Manager Version6.3.6.100
IbmTivoli Storage Manager Version6.4.1
IbmTivoli Storage Manager Version6.4.1.0
IbmTivoli Storage Manager Version6.4.2
IbmTivoli Storage Manager Version6.4.2.100
IbmTivoli Storage Manager Version6.4.2.200
IbmTivoli Storage Manager Version6.4.2.500
IbmTivoli Storage Manager Version6.4.2.600
IbmTivoli Storage Manager Version6.4.3
IbmTivoli Storage Manager Version6.4.3.1
IbmTivoli Storage Manager Version7.1
IbmTivoli Storage Manager Version7.1..5.100
IbmTivoli Storage Manager Version7.1.0.1
IbmTivoli Storage Manager Version7.1.0.2
IbmTivoli Storage Manager Version7.1.0.3
IbmTivoli Storage Manager Version7.1.1
IbmTivoli Storage Manager Version7.1.1.1
IbmTivoli Storage Manager Version7.1.1.2
IbmTivoli Storage Manager Version7.1.1.100
IbmTivoli Storage Manager Version7.1.1.200
IbmTivoli Storage Manager Version7.1.1.300
IbmTivoli Storage Manager Version7.1.3
IbmTivoli Storage Manager Version7.1.3.000
IbmTivoli Storage Manager Version7.1.3.1
IbmTivoli Storage Manager Version7.1.3.2
IbmTivoli Storage Manager Version7.1.3.100
IbmTivoli Storage Manager Version7.1.4
IbmTivoli Storage Manager Version7.1.4.1
IbmTivoli Storage Manager Version7.1.4.2
IbmTivoli Storage Manager Version7.1.5
IbmTivoli Storage Manager Version7.1.5.200
IbmTivoli Storage Manager Version7.1.6
IbmTivoli Storage Manager Version7.1.7
IbmTivoli Storage Manager Version7.1.7.100
IbmTivoli Storage Manager Version7.1.7.200
IbmTivoli Storage Manager Version8.1.0
IbmTivoli Storage Manager Version8.1.1
IbmTivoli Storage Manager Version8.1.1.100
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.23% 0.46
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.