Vulnerability Description
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Storage Flashcopy Manager | 4.1.0 |
| Ibm | Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server | 7.1 |
| Ibm | Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server | 7.1 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21963630PatchVendor Advisory
- http://www.securitytracker.com/id/1033270
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21963630PatchVendor Advisory
- http://www.securitytracker.com/id/1033270
FAQ
What is CVE-2015-4949?
CVE-2015-4949 is a vulnerability with a CVSS score of 2.1 (LOW). IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, an...
How severe is CVE-2015-4949?
CVE-2015-4949 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4949?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Tivoli Storage Flashcopy Manager, Ibm Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Ibm Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server.