{"id":"CVE-2016-8937","details":"The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.","modified":"2026-03-14T09:23:21.331966Z","published":"2017-10-05T17:29:00.217Z","references":[{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"},{"type":"FIX","url":"http://www.ibm.com/support/docview.wss?uid=swg22007935"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.5.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.5.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1.5.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.0.15"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.0.17"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.5.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.6.100"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.2.100"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.2.200"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.2.500"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.2.600"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1..5.100"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.1.100"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.1.200"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.1.300"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.3.000"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.3.100"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.4.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.5.200"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.7.100"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.7.200"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1.100"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8937.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}