CVE-2016-6044 | ByteOS Network

Vulnerability Details :

CVE-2016-6044

Assigner-ibm

Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522

Published At-01 Feb, 2017 | 20:00

Updated At-06 Aug, 2024 | 01:22

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:ibm

Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522

Published At:01 Feb, 2017 | 20:00

Updated At:06 Aug, 2024 | 01:22

▼CVE Numbering Authority (CNA)

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.

Affected Products

Vendor

IBM Corporation

Product

Tivoli Storage Manager Extended Edition

Versions

Affected

6.4
7.1
7.1.1
6.1
6.2
6.3

Problem Types

Type	CWE ID	Description
text	N/A	Gain Privileges

Type: text

CWE ID: N/A

Description: Gain Privileges

References

Hyperlink	Resource
http://www.securityfocus.com/bid/95091	vdb-entry x_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg21995754	x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/95091

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21995754

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/95091	vdb-entry x_refsource_BID x_transferred
http://www.ibm.com/support/docview.wss?uid=swg21995754	x_refsource_CONFIRM x_transferred

Hyperlink: http://www.securityfocus.com/bid/95091

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21995754

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

Source:psirt@us.ibm.com

Published At:01 Feb, 2017 | 20:59

Updated At:20 Apr, 2025 | 01:37

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N

Type: Primary

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:P/A:N

CPE Matches

IBM Corporation

>>tivoli_storage_manager>>6.4.1

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>6.4.1.1

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>6.4.2

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>6.4.2.1

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>6.4.2.2

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>6.4.2.3

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>6.4.2.4

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1

cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.0.1

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.0.2

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.1.1

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.1.2

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.3

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.3.1

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.3.2

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.4

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.4.1

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.4.2

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*

IBM Corporation

>>tivoli_storage_manager>>7.1.7

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-284	Primary	nvd@nist.gov

CWE ID: CWE-284

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.ibm.com/support/docview.wss?uid=swg21995754	psirt@us.ibm.com	Patch Vendor Advisory
http://www.securityfocus.com/bid/95091	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21995754	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securityfocus.com/bid/95091	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry

Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21995754

Source: psirt@us.ibm.com

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/95091

Source: psirt@us.ibm.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21995754

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/95091

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry