CVE-2016-8940
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-8940
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM Tivoli Storage Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM Tivoli Storage Manager(TSM)是美国IBM公司的一套备份和恢复管理解决方案。该方案支持数据保护、空间管理和存档、业务恢复和灾难恢复等。 IBM TSM中的SQL界面存在安全漏洞,该漏洞源于程序没有对SQL查询执行充分的身份检测。攻击者可利用该漏洞访问密码或其他敏感信息。以下版本受到影响:IBM Tivoli Storage Manager 7.1.0.0版本至7.1.7.0版本,6.3.0.0版本至6.3.6.0版本,6.2版本,6.1版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM Corporation | Tivoli Storage Manager | 5.3.5.3 | - |
II. Public POCs for CVE-2016-8940
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-8940
Please Login to view more intelligence information
- http://www.ibm.com/support/docview.wss?uid=swg21998946x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2016-8940
Same Patch Batch · IBM Corporation · 2017-03-07 · 14 CVEs total
| CVE-2016-8971 | IBM WebSphere MQ 缓冲区错误漏洞 | |
| CVE-2016-9693 | IBM Business Process Manager 安全漏洞 | |
| CVE-2016-9720 | IBM QRadar SIEM和Incident Forensics 信息泄露漏洞 | |
| CVE-2016-9723 | IBM QRadar SIEM和QRadar Incident Forensics 跨站脚本漏洞 | |
| CVE-2016-9724 | IBM QRadar SIEM 安全漏洞 | |
| CVE-2016-9725 | IBM QRadar Incident Forensics 安全漏洞 | |
| CVE-2016-9727 | IBM QRadar SIEM和QRadar Incident Forensics 输入验证漏洞 | |
| CVE-2016-9728 | IBM QRadar SIEM SQL注入漏洞 | |
| CVE-2016-9729 | IBM QRadar SIEM 安全漏洞 | |
| CVE-2016-9730 | IBM QRadar SIEM和QRadar Incident Forensics 跨站请求伪造漏洞 | |
| CVE-2016-9740 | IBM QRadar SIEM 安全漏洞 | |
| CVE-2017-1124 | 多款IBM Maximo Asset Management产品安全漏洞 | |
| CVE-2017-1133 | IBM QRadar SIEM和QRadar Incident Forensics 跨站脚本漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2016-8940
No comments yet