What is the severity of CVE-2016-8916?

CVE-2016-8916 is considered to have a medium severity due to the potential exposure of sensitive password information.

How do I fix CVE-2016-8916?

To fix CVE-2016-8916, users should upgrade to a patched version of IBM Tivoli Storage Manager that does not log sensitive information.

Which versions are affected by CVE-2016-8916?

CVE-2016-8916 affects IBM Tivoli Storage Manager versions 5.5, 6.1 to 6.4, and 7.1.

What type of information is exposed in CVE-2016-8916?

CVE-2016-8916 exposes password information that is stored in log files, making it accessible to local users.

Is CVE-2016-8916 a local or remote vulnerability?

CVE-2016-8916 is a local vulnerability, as it requires access to the affected system to read the log files.

Vulnerability/
CVE-2016-8916

medium

5.5

CWE

200

5/5/2017

6/8/2024

CVE-2016-8916: Infoleak

First published: Fri May 05 2017(Updated: )

IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Tivoli Storage Manager	<=6.3
IBM Tivoli Storage Manager	=6.4.0.0
IBM Tivoli Storage Manager	=6.4.1
IBM Tivoli Storage Manager	=6.4.1.0
IBM Tivoli Storage Manager	=6.4.2
IBM Tivoli Storage Manager	=6.4.2.100
IBM Tivoli Storage Manager	=6.4.2.200
IBM Tivoli Storage Manager	=6.4.2.500
IBM Tivoli Storage Manager	=6.4.2.600
IBM Tivoli Storage Manager	=6.4.3
IBM Tivoli Storage Manager	=6.4.3.1
IBM Tivoli Storage Manager	=7.1
IBM Tivoli Storage Manager	=7.1..5.100
IBM Tivoli Storage Manager	=7.1.0.1
IBM Tivoli Storage Manager	=7.1.0.2
IBM Tivoli Storage Manager	=7.1.0.3
IBM Tivoli Storage Manager	=7.1.1
IBM Tivoli Storage Manager	=7.1.1.1
IBM Tivoli Storage Manager	=7.1.1.2
IBM Tivoli Storage Manager	=7.1.1.100
IBM Tivoli Storage Manager	=7.1.1.200
IBM Tivoli Storage Manager	=7.1.1.300
IBM Tivoli Storage Manager	=7.1.3
IBM Tivoli Storage Manager	=7.1.3.000
IBM Tivoli Storage Manager	=7.1.3.1
IBM Tivoli Storage Manager	=7.1.3.2
IBM Tivoli Storage Manager	=7.1.3.100
IBM Tivoli Storage Manager	=7.1.4
IBM Tivoli Storage Manager	=7.1.4.1
IBM Tivoli Storage Manager	=7.1.4.2
IBM Tivoli Storage Manager	=7.1.5
IBM Tivoli Storage Manager	=7.1.5.200
IBM Tivoli Storage Manager	=7.1.6
IBM Tivoli Storage Manager	=7.1.6.2
IBM Tivoli Storage Manager	=7.1.6.3
IBM Tivoli Storage Manager	=7.1.6.4

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21998166

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-8916?
CVE-2016-8916 is considered to have a medium severity due to the potential exposure of sensitive password information.
How do I fix CVE-2016-8916?
To fix CVE-2016-8916, users should upgrade to a patched version of IBM Tivoli Storage Manager that does not log sensitive information.
Which versions are affected by CVE-2016-8916?
CVE-2016-8916 affects IBM Tivoli Storage Manager versions 5.5, 6.1 to 6.4, and 7.1.
What type of information is exposed in CVE-2016-8916?
CVE-2016-8916 exposes password information that is stored in log files, making it accessible to local users.
Is CVE-2016-8916 a local or remote vulnerability?
CVE-2016-8916 is a local vulnerability, as it requires access to the affected system to read the log files.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/remedy
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm tivoli storage manager
version/ibm tivoli storage manager/6.3
version/ibm tivoli storage manager/6.4.0.0
version/ibm tivoli storage manager/6.4.1
version/ibm tivoli storage manager/6.4.1.0
version/ibm tivoli storage manager/6.4.2
version/ibm tivoli storage manager/6.4.2.100
version/ibm tivoli storage manager/6.4.2.200
version/ibm tivoli storage manager/6.4.2.500
version/ibm tivoli storage manager/6.4.2.600
version/ibm tivoli storage manager/6.4.3
version/ibm tivoli storage manager/6.4.3.1
version/ibm tivoli storage manager/7.1
version/ibm tivoli storage manager/7.1..5.100
version/ibm tivoli storage manager/7.1.0.1
version/ibm tivoli storage manager/7.1.0.2
version/ibm tivoli storage manager/7.1.0.3
version/ibm tivoli storage manager/7.1.1
version/ibm tivoli storage manager/7.1.1.1
version/ibm tivoli storage manager/7.1.1.2
version/ibm tivoli storage manager/7.1.1.100
version/ibm tivoli storage manager/7.1.1.200
version/ibm tivoli storage manager/7.1.1.300
version/ibm tivoli storage manager/7.1.3
version/ibm tivoli storage manager/7.1.3.000
version/ibm tivoli storage manager/7.1.3.1
version/ibm tivoli storage manager/7.1.3.2
version/ibm tivoli storage manager/7.1.3.100
version/ibm tivoli storage manager/7.1.4
version/ibm tivoli storage manager/7.1.4.1
version/ibm tivoli storage manager/7.1.4.2
version/ibm tivoli storage manager/7.1.5
version/ibm tivoli storage manager/7.1.5.200
version/ibm tivoli storage manager/7.1.6
version/ibm tivoli storage manager/7.1.6.2
version/ibm tivoli storage manager/7.1.6.3
version/ibm tivoli storage manager/7.1.6.4