What is the severity of CVE-2015-7404?

CVE-2015-7404 is categorized as a moderate severity vulnerability affecting specific versions of IBM Tivoli Storage Manager.

How do I fix CVE-2015-7404?

To fix CVE-2015-7404, upgrade to IBM Tivoli Storage Manager for Databases version 5.5.6.2 or later, 6.3.1.6 or later, 6.4.1.8 or later, or 7.1.4.

What impact does CVE-2015-7404 have on my system?

CVE-2015-7404 could enable unauthorized access or manipulation of data, affecting database and email server integrity.

Which versions of Tivoli Storage Manager are affected by CVE-2015-7404?

CVE-2015-7404 affects IBM Tivoli Storage Manager for Databases versions 5.5 through 5.5.5, 6.3 through 6.3.1.5, 6.4 through 6.4.1.7, and 7.1 through 7.1.2.1.

Is there a workaround for CVE-2015-7404 until I can apply the fix?

There are no known workarounds for CVE-2015-7404; applying the appropriate update is the recommended solution.

Vulnerability/
CVE-2015-7404

low

1.9

CWE

200

14/11/2015

6/8/2024

CVE-2015-7404: Infoleak

First published: Sat Nov 14 2015(Updated: )

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=5.5
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=5.5.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=5.5.2
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=5.5.3
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=5.5.4
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=5.5.5
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=5.5.6
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.3
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.3.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.3.1.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.3.1.2
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.3.1.3
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.3.1.5
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4.0.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4.0.2
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4.1.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4.1.2
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4.1.3
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4.1.4
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=6.4.1.7
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=7.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=7.1.0.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=7.1.0.2
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=7.1.1.1
IBM Tivoli Storage Manager for Databases Data Protection for Microsoft SQL Server	=7.1.2.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=5.5
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=5.5.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=6.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=6.1.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=6.1.2
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=6.1.3
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=6.3
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=6.3.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=6.4
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=6.4.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=7.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=7.1.0.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=7.1.0.2
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=7.1.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=7.1.2.0
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=7.1.2.1
IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server	=7.1.3.0
IBM FlashCopy Manager	=2.1.0
IBM FlashCopy Manager	=2.2.0
IBM FlashCopy Manager	=2.2.1
IBM FlashCopy Manager	=3.1.0
IBM FlashCopy Manager	=3.1.1
IBM FlashCopy Manager	=3.2.0
IBM FlashCopy Manager	=3.2.1
IBM FlashCopy Manager	=4.1.0
IBM FlashCopy Manager	=4.1.0.1
IBM FlashCopy Manager	=6.1.3
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-7404?
CVE-2015-7404 is categorized as a moderate severity vulnerability affecting specific versions of IBM Tivoli Storage Manager.
How do I fix CVE-2015-7404?
To fix CVE-2015-7404, upgrade to IBM Tivoli Storage Manager for Databases version 5.5.6.2 or later, 6.3.1.6 or later, 6.4.1.8 or later, or 7.1.4.
What impact does CVE-2015-7404 have on my system?
CVE-2015-7404 could enable unauthorized access or manipulation of data, affecting database and email server integrity.
Which versions of Tivoli Storage Manager are affected by CVE-2015-7404?
CVE-2015-7404 affects IBM Tivoli Storage Manager for Databases versions 5.5 through 5.5.5, 6.3 through 6.3.1.5, 6.4 through 6.4.1.7, and 7.1 through 7.1.2.1.
Is there a workaround for CVE-2015-7404 until I can apply the fix?
There are no known workarounds for CVE-2015-7404; applying the appropriate update is the recommended solution.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/severity
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm tivoli storage manager for databases data protection for microsoft sql server
version/ibm tivoli storage manager for databases data protection for microsoft sql server/5.5
version/ibm tivoli storage manager for databases data protection for microsoft sql server/5.5.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/5.5.2
version/ibm tivoli storage manager for databases data protection for microsoft sql server/5.5.3
version/ibm tivoli storage manager for databases data protection for microsoft sql server/5.5.4
version/ibm tivoli storage manager for databases data protection for microsoft sql server/5.5.5
version/ibm tivoli storage manager for databases data protection for microsoft sql server/5.5.6
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.3
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.3.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.3.1.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.3.1.2
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.3.1.3
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.3.1.5
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4.0.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4.0.2
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4.1.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4.1.2
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4.1.3
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4.1.4
version/ibm tivoli storage manager for databases data protection for microsoft sql server/6.4.1.7
version/ibm tivoli storage manager for databases data protection for microsoft sql server/7.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/7.1.0.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/7.1.0.2
version/ibm tivoli storage manager for databases data protection for microsoft sql server/7.1.1.1
version/ibm tivoli storage manager for databases data protection for microsoft sql server/7.1.2.1
canonical/ibm tivoli storage manager for mail data protection for microsoft exchange server
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/5.5
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/5.5.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/6.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/6.1.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/6.1.2
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/6.1.3
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/6.3
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/6.3.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/6.4
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/6.4.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/7.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/7.1.0.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/7.1.0.2
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/7.1.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/7.1.2.0
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/7.1.2.1
version/ibm tivoli storage manager for mail data protection for microsoft exchange server/7.1.3.0
canonical/ibm flashcopy manager
version/ibm flashcopy manager/2.1.0
version/ibm flashcopy manager/2.2.0
version/ibm flashcopy manager/2.2.1
version/ibm flashcopy manager/3.1.0
version/ibm flashcopy manager/3.1.1
version/ibm flashcopy manager/3.2.0
version/ibm flashcopy manager/3.2.1
version/ibm flashcopy manager/4.1.0
version/ibm flashcopy manager/4.1.0.1
version/ibm flashcopy manager/6.1.3
vendor/microsoft
canonical/microsoft windows