VIR Vulnerability Intelligence Relay

CVE-2016-3059

medium
Published 2016-08-08 · Modified 2026-05-06
CVSS v3
6.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2
2.1
VIR risk
6.2

Description

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.

Predictions

Exploit likelihood
62%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21987333

Application impact
VendorProductVersionsFixed
ibm ibmtivoli_storage_flashcopy_manager_for_sql_server{"startIncluding":"3.1.0.0","endIncluding":"3.1.1.6"}
ibm ibmtivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server{"startIncluding":"6.3.0.0","endIncluding":"6.3.1.8"}

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.