Vigil@nce - IBM Tivoli Storage Manager Client: information disclosure via Tracing
January 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read logs of Tracing of IBM Tivoli Storage Manager
Client, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Creation date: 03/11/2016.
DESCRIPTION OF THE VULNERABILITY
The IBM Tivoli Storage Manager Client product can log its
operations.
However, the password is also logged.
An attacker can therefore read logs of Tracing of IBM Tivoli
Storage Manager Client, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN