cvedb.io
CVE-2016-8940
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2017-03-07T17:59:00.150 · Last modified 2026-06-17T00:55:13.107

Summary

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.

Affected products

ibm — tivoli_storage_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when ibm ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.