All the vulnerabilites related to ibm - tivoli_storage_manager
Vulnerability from fkie_nvd
Published
2015-02-14 02:59
Modified
2024-11-21 02:13
Severity ?
Summary
The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 7.1 | |
| ibm | aix | * | |
| ibm | linux_on_ibm_z | * | |
| linux | linux_kernel | * | |
| microsoft | windows | * | |
| ibm | tivoli_storage_manager | 5.5 | |
| ibm | aix | * | |
| ibm | linux_on_ibm_z | * | |
| ibm | z\/os | * | |
| linux | linux_kernel | * | |
| microsoft | windows | * | |
| ibm | tivoli_storage_manager | 6.4 | |
| ibm | aix | * | |
| ibm | linux_on_ibm_z | * | |
| microsoft | windows | * | |
| ibm | tivoli_storage_manager | 6.1 | |
| ibm | aix | * | |
| ibm | aix | * | |
| ibm | linux_on_ibm_z | * | |
| ibm | linux_on_ibm_z | * | |
| ibm | z\/os | * | |
| linux | linux_kernel | * | |
| microsoft | windows | * | |
| oracle | solaris | * | |
| ibm | tivoli_storage_manager | 5.4 | |
| ibm | aix | * | |
| ibm | z\/os | * | |
| linux | linux_kernel | * | |
| microsoft | windows | * | |
| oracle | solaris | * | |
| ibm | tivoli_storage_manager | 6.3 | |
| ibm | aix | * | |
| ibm | linux_on_ibm_z | * | |
| ibm | tivoli_storage_manager | 6.2 | |
| ibm | aix | * | |
| ibm | aix | * | |
| ibm | linux_on_ibm_z | * | |
| linux | linux_kernel | * | |
| microsoft | windows | * | |
| oracle | solaris | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8132A11-39D4-45A3-B74F-DF1F849D841C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2AB621EB-370C-4009-AE54-42C6BD2C9324",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C0933A83-98F6-43B1-BB02-03F8F1C9F38D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D9816F-5D2A-4B2B-A654-16B4AE04B88D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "282931BE-0838-45CA-AC9D-EAD0C4244448",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BC2B53A0-302B-4A34-89CD-842C3692927F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:z\\/os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28A9DB7F-187D-42BA-B271-1C302E529BFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "644EDED7-7696-448D-A1F5-D361540B680F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4D3E9E-144A-4F7C-973A-F7FBE0776FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8132A11-39D4-45A3-B74F-DF1F849D841C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2AB621EB-370C-4009-AE54-42C6BD2C9324",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8132A11-39D4-45A3-B74F-DF1F849D841C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "282931BE-0838-45CA-AC9D-EAD0C4244448",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2AB621EB-370C-4009-AE54-42C6BD2C9324",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BC2B53A0-302B-4A34-89CD-842C3692927F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:z\\/os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28A9DB7F-187D-42BA-B271-1C302E529BFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "644EDED7-7696-448D-A1F5-D361540B680F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:sparc:*",
"matchCriteriaId": "B09F81E2-4FEA-4DFF-95A1-8CABC27FF166",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5A77C9-AB75-4133-8441-9BEE8591A717",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "282931BE-0838-45CA-AC9D-EAD0C4244448",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:z\\/os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28A9DB7F-187D-42BA-B271-1C302E529BFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "644EDED7-7696-448D-A1F5-D361540B680F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:sparc:*",
"matchCriteriaId": "B09F81E2-4FEA-4DFF-95A1-8CABC27FF166",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8132A11-39D4-45A3-B74F-DF1F849D841C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2AB621EB-370C-4009-AE54-42C6BD2C9324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7660C8A-2C6A-4AA1-95DB-DA6F4BA7A821",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8132A11-39D4-45A3-B74F-DF1F849D841C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "282931BE-0838-45CA-AC9D-EAD0C4244448",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2AB621EB-370C-4009-AE54-42C6BD2C9324",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "644EDED7-7696-448D-A1F5-D361540B680F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:sparc:*",
"matchCriteriaId": "B09F81E2-4FEA-4DFF-95A1-8CABC27FF166",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors."
},
{
"lang": "es",
"value": "Los componentes (1) Java GUI y (2) Web GUI en el cliente IBM Tivoli Storage Manager (TSM) Backup-Archive 5.4 y 5.5 anterior a 5.5.4.4 en AIX, Linux, y Solaris; 5.4.x y 5.5.x en Windows y z/OS; 6.1 anterior a 6.1.5.7 en z/OS; 6.1 y 6.2 anterior a 6.2.5.2 en Windows, anterior a 6.2.5.3 en AIX y Linux x86, y anterior a 6.2.5.4 en Linux Z y Solaris; 6.3 anterior a 6.3.2.1 en AIX, anterior a 6.3.2.2 en Windows, y anterior a 6.3.2.3 en Linux; 6.4 anterior a 6.4.2.1; y 7.1 anterior a 7.1.1 en IBM TSM for Mail, cuando el componente Data Protection for Lotus Domino est\u00e1 utilizado, permiten a usuarios locales evadir la autenticaci\u00f3n y restablecer una copia de seguridad de la base de datos Domino o del registro de transacciones a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6195",
"lastModified": "2024-11-21T02:13:57.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-14T02:59:01.333",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04249"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695183"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98607"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-18 23:59
Modified
2024-11-21 02:10
Severity ?
Summary
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7FD0D2-E106-4152-AF87-0E8BEE44DDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41A50035-DA7C-4F8F-B36A-3C5194098F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6521E9-3106-49F6-84DF-66FFE47BDAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A6731C-74A9-4FA9-8F2B-66D5F623151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1464DB-B192-4459-9C6D-34E8213CDC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "79B76B2B-D92E-4000-8779-87C01BE55E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8452AD-9871-4BDC-8302-EB6CD86A0C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA28A2C9-21A0-48E2-88DD-C2336D990523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256AFD08-1918-46D6-9A7A-AE50ACDE9347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA451EA-3F6E-4063-99E2-0D1D6950CC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4E3EAE-A032-4A42-91C9-5D1E1CC048B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "58353CBA-C09A-4F19-BDE4-D0243AEF3213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E07B8-DB3C-4A99-801C-84C3814BAA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C40A61-30E2-4FD4-A29B-715981201F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2585495-DB97-429F-87AC-4C4E92DE305D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A665E28-2D3D-40DE-AF28-D549F3A37A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31370480-2B9D-44D4-A448-4B441CF59194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0973283F-AD45-4927-88E2-559069C1B0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5A77C9-AB75-4133-8441-9BEE8591A717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C19266-CDED-4DC0-8B50-560BA3B5DAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE93F92-4A7E-436C-8120-3BECC9C7215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67741515-E42C-41CA-8D11-AFFB0D23B7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D01ED5FF-D648-4B94-A555-D702804079D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD18D39-DA8A-4C58-A18B-14EB6BEFBFDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F41474E8-A930-43D1-8F4D-E6C219B6DB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "175D813D-9D9E-4FC6-984F-0E31ED4101C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C2CB3F-61A9-4970-B043-11A105B2D439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "476EE4EA-A032-49EF-9A4C-37D8AD642130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9311DE26-75E2-4588-858E-38497D7A8984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99AF4A3C-759F-41C4-B471-C2D63409919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6959DE-5D31-49E4-B986-0E6F1BBD10D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "27BFC575-56CB-4A9C-9BE5-4E91B38CBD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC99211-3DF3-414F-BC31-59286E7C84A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "705A5381-AEA6-4FA2-B0EC-AD5F9E4FC985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "335EAE82-7CC6-4420-BCD1-81FD54FD60ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C31C57-90BD-46E7-A1C8-A73F72D81BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B485D043-6865-4BA3-A3F9-DDC803495A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E9FBE6-B342-43BD-BB32-650A87AB8EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAADE980-DC7D-4A3A-A0C4-B03EF08B3CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BF5A53-0FEE-49E2-B2C2-918ECBB36256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename."
},
{
"lang": "es",
"value": "El servidor en IBM Tivoli Storage Manager (TSM) 5.x y 6.x anterior a 6.3.5.10 y 7.x anterior a 7.1.1.100 permitir\u00eda a atacantes remotos eludir las restricciones de acceso y reemplazar las copias de seguridad de archivos mediante el uso de una determinada opci\u00f3n de copia de seguridad junto con un nombre de archivo que coincida con un nombre de archivo utilizado previamente."
}
],
"id": "CVE-2014-4817",
"lastModified": "2024-11-21T02:10:55.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-18T23:59:00.097",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686874"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95444"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-11 14:19
Modified
2024-11-21 00:51
Severity ?
Summary
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows | * | |
| ibm | tivoli_storage_manager | 5.2 | |
| ibm | tivoli_storage_manager | 5.3 | |
| ibm | tivoli_storage_manager | 5.3.0 | |
| ibm | tivoli_storage_manager | 5.3.1 | |
| ibm | tivoli_storage_manager | 5.3.2 | |
| ibm | tivoli_storage_manager | 5.3.2.4 | |
| ibm | tivoli_storage_manager | 5.3.3 | |
| ibm | tivoli_storage_manager | 5.3.4 | |
| ibm | tivoli_storage_manager | 5.3.5.1 | |
| ibm | tivoli_storage_manager | 5.4.0 | |
| ibm | tivoli_storage_manager | 5.4.1 | |
| ibm | tivoli_storage_manager | 5.4.2 | |
| ibm | tivoli_storage_manager | 5.4.2.2 | |
| ibm | tivoli_storage_manager | 5.4.2.3 | |
| ibm | tivoli_storage_manager | 5.4.2.4 | |
| ibm | tivoli_storage_manager | 5.4.4.0 | |
| ibm | tivoli_storage_manager_express | 5.3 | |
| ibm | tivoli_storage_manager_express | 5.3.3.0 | |
| ibm | tivoli_storage_manager_express | 5.3.6.4 | |
| ibm | tivoli_storage_manager_express | 5.3.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA28A2C9-21A0-48E2-88DD-C2336D990523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C19266-CDED-4DC0-8B50-560BA3B5DAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD18D39-DA8A-4C58-A18B-14EB6BEFBFDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E6A344-E062-4179-9CFA-CF912B4AED16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A140293-8F4A-4AB4-9EE8-36D0EB398C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AABAD076-C9D6-481E-B9DC-CEB95C224979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_express:5.3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "77114204-172B-4E6A-AFFE-E6123458F0C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca adsmdll.dll versi\u00f3n 5.3.7.7296, como es usada por el demonio (dsmsvc.exe) en el servidor de respaldo en Tivoli Storage Manager (TSM) Express de IBM versi\u00f3n 5.3.7.3 y anteriores y TSM versi\u00f3n 5.2, versiones 5.3 anteriores a 5.3.6.0 , y versiones 5.4.0.0 hasta 5.4.4.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un valor de longitud dise\u00f1ado."
}
],
"id": "CVE-2008-4563",
"lastModified": "2024-11-21T00:51:59.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-11T14:19:15.187",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
},
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52617"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34245"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021837"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34077"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0669"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-29 18:00
Modified
2024-11-21 01:21
Severity ?
Summary
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/42639 | Broken Link | |
| cve@mitre.org | http://securitytracker.com/id?1024901 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1IC69150 | Broken Link | |
| cve@mitre.org | http://www.ibm.com/support/docview.wss?uid=swg21454745 | Broken Link | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/3251 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42639 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024901 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC69150 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21454745 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3251 | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3503DC86-86A4-4E71-A582-E8AA009745E7",
"versionEndExcluding": "5.4.3.4",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B604BBF-7CEC-4D45-81B2-57A5480DAA03",
"versionEndExcluding": "5.5.3",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "749027E1-4A6C-4FA3-9636-9B9E3B0F5EE1",
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065EED8F-BC91-40F2-81D0-E47881E72AE4",
"versionEndExcluding": "6.2.2",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a \"script execution vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en el cliente Space Management en el Hierarchical Storage Management (HSM) component en IBM Tivoli Storage Manager (TSM) v 5.4.x anterior a v5.4.3.4, v5.5.x anterior a v5.5.3, v6.1.x anterior a v6.1.4, y v6.2.x anterior a v6.2.2 sobre Unix y Linux, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores no especificados. Relacionado con una \"vulnerabilidad de ejecuci\u00f3n de secuencias de comandos\"."
}
],
"id": "CVE-2010-4606",
"lastModified": "2024-11-21T01:21:20.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-29T18:00:03.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/42639"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69150"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/42639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-24 20:59
Modified
2024-11-21 02:10
Severity ?
Summary
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.4.0 | |
| ibm | tivoli_storage_manager | 5.5 | |
| ibm | tivoli_storage_manager | 6.1 | |
| ibm | tivoli_storage_manager | 6.2 | |
| ibm | tivoli_storage_manager | 6.3 | |
| ibm | tivoli_storage_manager | 6.3.3 | |
| ibm | tivoli_storage_manager | 6.3.4 | |
| ibm | tivoli_storage_manager | 6.3.5 | |
| ibm | tivoli_storage_manager | 6.4 | |
| ibm | tivoli_storage_manager | 6.4.1 | |
| ibm | tivoli_storage_manager | 6.4.2 | |
| ibm | tivoli_storage_manager | 7.1 | |
| ibm | tivoli_storage_manager | 7.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D9816F-5D2A-4B2B-A654-16B4AE04B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7660C8A-2C6A-4AA1-95DB-DA6F4BA7A821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4D3E9E-144A-4F7C-973A-F7FBE0776FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors."
},
{
"lang": "es",
"value": "dsmtca en el cliente en IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x anterior a 6.4.3, y 7.1.x anterior a 7.1.2 permite a usuarios locales descubrir la contrase\u00f1a de la clave del cifrado de backup/restore a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-4818",
"lastModified": "2024-11-21T02:10:55.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-24T20:59:00.050",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697022"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/72771"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1031795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031795"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-06 19:28
Modified
2024-11-21 00:20
Severity ?
Summary
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.2.7 | |
| ibm | tivoli_storage_manager | 5.2.8 | |
| ibm | tivoli_storage_manager | 5.3.0 | |
| ibm | tivoli_storage_manager | 5.3.1 | |
| ibm | tivoli_storage_manager | 5.3.2 | |
| ibm | tivoli_storage_manager | 5.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A665E28-2D3D-40DE-AF28-D549F3A37A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31370480-2B9D-44D4-A448-4B441CF59194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en IBM Tivoli Storage Manager (TSM) anterior a 5.2.9 y 5.3.x anterior a 5.3.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante mediante una cadena larga en (1) el campo language al comenzar la sesi\u00f3n que empieza con un byte 0x18, (2) dos par\u00e1metros no especificados a la funci\u00f3n SmExecuteWdsfSession , y (3) el campo contact en un mensaje de registro abierto."
}
],
"id": "CVE-2006-5855",
"lastModified": "2024-11-21T00:20:49.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-06T19:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23177"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1979"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017333"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/350625"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/478753"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/887249"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/21440"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4856"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30699"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30701"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/350625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/478753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/887249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/21440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30702"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-26 15:29
Modified
2024-11-21 04:00
Severity ?
6.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10719401 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142696 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10719401 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142696 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510B228-9418-4841-A389-903F299FC005",
"versionEndIncluding": "7.1.8.2",
"versionStartIncluding": "7.1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47643E98-C42A-4BA1-841C-46F2DD2C10E4",
"versionEndIncluding": "8.1.4",
"versionStartIncluding": "8.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3591CA5B-D577-45FB-99D1-D009E8D56A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76C5CA2-27EF-4A15-90AD-A4E7CF54D2B4",
"versionEndIncluding": "7.1.8.2",
"versionStartIncluding": "7.1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4DE7B2-1D22-48D4-9C60-CA2463DAF4FB",
"versionEndIncluding": "8.1.4.1",
"versionStartIncluding": "8.1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFC7506-645F-47ED-8658-C334AB96C8A2",
"versionEndIncluding": "7.1.8.2",
"versionStartIncluding": "7.1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8BA9D9-9AD0-4360-9308-5E3325A4AA0B",
"versionEndIncluding": "8.1.4.1",
"versionStartIncluding": "8.1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
},
{
"lang": "es",
"value": "IBM Spectrum Protect 7.1 y 8.1 podr\u00eda permitir que un usuario local corrompa o elimine informaci\u00f3n altamente sensible que provocar\u00eda una denegaci\u00f3n de servicio (DoS) en otros usuarios. IBM X-Force ID: 142696."
}
],
"id": "CVE-2018-1550",
"lastModified": "2024-11-21T04:00:00.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-26T15:29:00.420",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-21 04:35
Modified
2024-11-21 01:47
Severity ?
Summary
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B03B94E-62C9-457F-BC95-5F97EADAEE8A",
"versionEndIncluding": "6.2.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6642D8F1-3F9B-4613-A343-B3D4E9849CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06E6F6FA-77B8-4FFD-B7B2-6206651BBEAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E4A983-9053-405D-BA3D-BAE8B47A1EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1B6BE3-9554-41DF-A994-82CEAF88BA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6454A8C4-407C-455F-8922-D7D703C52245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40C35632-F7D5-494A-BE62-2DB121ED6234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "62532061-2092-481A-B699-4EA1500F80D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7FD0D2-E106-4152-AF87-0E8BEE44DDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41A50035-DA7C-4F8F-B36A-3C5194098F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6521E9-3106-49F6-84DF-66FFE47BDAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A6731C-74A9-4FA9-8F2B-66D5F623151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1464DB-B192-4459-9C6D-34E8213CDC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "79B76B2B-D92E-4000-8779-87C01BE55E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8452AD-9871-4BDC-8302-EB6CD86A0C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA28A2C9-21A0-48E2-88DD-C2336D990523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256AFD08-1918-46D6-9A7A-AE50ACDE9347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA451EA-3F6E-4063-99E2-0D1D6950CC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4E3EAE-A032-4A42-91C9-5D1E1CC048B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "58353CBA-C09A-4F19-BDE4-D0243AEF3213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E07B8-DB3C-4A99-801C-84C3814BAA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C40A61-30E2-4FD4-A29B-715981201F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2585495-DB97-429F-87AC-4C4E92DE305D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A665E28-2D3D-40DE-AF28-D549F3A37A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31370480-2B9D-44D4-A448-4B441CF59194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0973283F-AD45-4927-88E2-559069C1B0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5A77C9-AB75-4133-8441-9BEE8591A717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C19266-CDED-4DC0-8B50-560BA3B5DAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE93F92-4A7E-436C-8120-3BECC9C7215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67741515-E42C-41CA-8D11-AFFB0D23B7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D01ED5FF-D648-4B94-A555-D702804079D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD18D39-DA8A-4C58-A18B-14EB6BEFBFDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "476EE4EA-A032-49EF-9A4C-37D8AD642130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "705A5381-AEA6-4FA2-B0EC-AD5F9E4FC985",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAADE980-DC7D-4A3A-A0C4-B03EF08B3CBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors."
},
{
"lang": "es",
"value": "La interfaz gr\u00e1fica de usuario Web en el cliente de IBM Tivoli Storage Manager (TSM) v6,3 antes de v6.3.1.0 y v6,4 antes de v6.4.0.1 permite ataques de man-in-the-middle para obtener acceso de clientes no especificados, y por lo tanto obtener acceso al servidor sin especificar, a trav\u00e9s de vectores desconocidos ."
}
],
"id": "CVE-2013-0472",
"lastModified": "2024-11-21T01:47:39.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-21T04:35:52.983",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87210"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624118"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81216"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-05 17:29
Modified
2024-11-21 03:00
Severity ?
Summary
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007935 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/118750 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007935 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/118750 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.100:*:*:*:*:*:*:*",
"matchCriteriaId": "4717F07E-B1B0-4F90-9ECF-DD08E3E94D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.200:*:*:*:*:*:*:*",
"matchCriteriaId": "13B7B79B-C85C-4CF6-BBBF-DB00D857BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB2B65F-A847-47E9-85D9-C42EC7F7F901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0587F4BC-4B77-42A1-BA13-296C6CD41355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
},
{
"lang": "es",
"value": "El protocolo de autenticaci\u00f3n por defecto de IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) es vulnerable a ataques de fuerza bruta ya que revela demasiada informaci\u00f3n durante el proceso de autenticaci\u00f3n. Un atacante podr\u00eda obtener acceso administrativo o de usuario al servidor TSM. IBM X-Force ID: 118750."
}
],
"id": "CVE-2016-8937",
"lastModified": "2024-11-21T03:00:20.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T17:29:00.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 02:55
Severity ?
Summary
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995754 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95091 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995754 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95091 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 6.4.1 | |
| ibm | tivoli_storage_manager | 6.4.1.1 | |
| ibm | tivoli_storage_manager | 6.4.2 | |
| ibm | tivoli_storage_manager | 6.4.2.1 | |
| ibm | tivoli_storage_manager | 6.4.2.2 | |
| ibm | tivoli_storage_manager | 6.4.2.3 | |
| ibm | tivoli_storage_manager | 6.4.2.4 | |
| ibm | tivoli_storage_manager | 7.1 | |
| ibm | tivoli_storage_manager | 7.1.0.1 | |
| ibm | tivoli_storage_manager | 7.1.0.2 | |
| ibm | tivoli_storage_manager | 7.1.1.1 | |
| ibm | tivoli_storage_manager | 7.1.1.2 | |
| ibm | tivoli_storage_manager | 7.1.3 | |
| ibm | tivoli_storage_manager | 7.1.3.1 | |
| ibm | tivoli_storage_manager | 7.1.3.2 | |
| ibm | tivoli_storage_manager | 7.1.4 | |
| ibm | tivoli_storage_manager | 7.1.4.1 | |
| ibm | tivoli_storage_manager | 7.1.4.2 | |
| ibm | tivoli_storage_manager | 7.1.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC31A7A-CFFB-4590-B6B4-494F1005E4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1864921-DA58-433F-8DFE-BF1E25B02C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A89E630-36F0-4807-B4B0-C53FFB636497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7B9E69-407D-48E2-B49F-1C9263C052F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application\u0027s REST API, which may let the attacker violate security policy."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager Operations Center podr\u00eda permitir a un atacante autenticado para habilitar o deshabilitar la APRI REST de la aplicaci\u00f3n, lo que puede permitir que el atacante viole la pol\u00edtica de seguridad."
}
],
"id": "CVE-2016-6044",
"lastModified": "2024-11-21T02:55:23.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:01.910",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95091"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-13 02:59
Modified
2024-11-21 02:13
Severity ?
Summary
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 6.3.0 | |
| ibm | tivoli_storage_manager | 6.3.0.5 | |
| ibm | tivoli_storage_manager | 6.3.0.15 | |
| ibm | tivoli_storage_manager | 6.3.1.2 | |
| ibm | tivoli_storage_manager | 6.3.2.1 | |
| ibm | tivoli_storage_manager | 6.3.2.2 | |
| ibm | tivoli_storage_manager | 6.4.0 | |
| ibm | tivoli_storage_manager | 6.4.0.1 | |
| ibm | tivoli_storage_manager | 6.4.0.4 | |
| ibm | tivoli_storage_manager | 6.4.0.5 | |
| ibm | tivoli_storage_manager | 6.4.0.7 | |
| ibm | tivoli_storage_manager | 6.4.1 | |
| ibm | tivoli_storage_manager | 6.4.1.3 | |
| ibm | tivoli_storage_manager | 6.4.1.7 | |
| ibm | tivoli_storage_manager | 6.4.2 | |
| ibm | tivoli_storage_manager | 6.4.2.1 | |
| ibm | tivoli_storage_manager | 7.1.0 | |
| ibm | tivoli_storage_manager | 7.1.0.1 | |
| ibm | tivoli_storage_manager | 7.1.0.2 | |
| ibm | tivoli_storage_manager | 7.1.0.3 | |
| ibm | tivoli_storage_manager | 7.1.1 | |
| ibm | tivoli_storage_manager | 7.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC99211-3DF3-414F-BC31-59286E7C84A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B485D043-6865-4BA3-A3F9-DDC803495A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E9FBE6-B342-43BD-BB32-650A87AB8EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE5B74B-4D98-42E2-A011-02E6D473F3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FC5E0D-997F-4256-8575-E7507D418BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E5BDA-9DBD-4143-882C-F4BA3ADA1595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A66CACC2-73DA-4814-ABA2-19DB74A2ECBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30E46E24-AABB-455C-BCBE-752E2C0E5BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D6506496-40CE-4558-ACCC-363AB9675C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BF5A53-0FEE-49E2-B2C2-918ECBB36256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file."
},
{
"lang": "es",
"value": "dsmtca en el cliente en IBM Tivoli Storage Manager (TSM) 6.3 anterior a 6.3.2.3, 6.4 anterior a 6.4.2.2, y 7.1 anterior a 7.1.1.3 no restringe correctamente la carga de la librar\u00eda compartida, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de un fichero DSO manipulado."
}
],
"id": "CVE-2014-6185",
"lastModified": "2024-11-21T02:13:55.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-13T02:59:06.157",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-20 05:59
Modified
2024-11-21 02:32
Severity ?
Summary
Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.5 | |
| ibm | tivoli_storage_manager | 6.1 | |
| ibm | tivoli_storage_manager | 6.2 | |
| ibm | tivoli_storage_manager | 6.3 | |
| ibm | tivoli_storage_manager | 6.4 | |
| ibm | tivoli_storage_manager | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D9816F-5D2A-4B2B-A654-16B4AE04B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7660C8A-2C6A-4AA1-95DB-DA6F4BA7A821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4D3E9E-144A-4F7C-973A-F7FBE0776FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL."
},
{
"lang": "es",
"value": "Client Acceptor Daemon (CAD) en el client en IBM Spectrum Protect (anteriormente Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.2.5, 6.4 en versiones anteriores a 6.4.3.1 y 7.1 en versiones anteriores a 7.1.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una URL de cliente Web manipulada."
}
],
"id": "CVE-2015-4951",
"lastModified": "2024-11-21T02:32:05.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-20T05:59:00.157",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973484"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034692"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-17 23:55
Modified
2024-11-21 02:02
Severity ?
Summary
Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.4.0 | |
| ibm | tivoli_storage_manager | 5.5.0 | |
| ibm | tivoli_storage_manager | 6.1.0 | |
| ibm | tivoli_storage_manager | 6.2.0 | |
| ibm | tivoli_storage_manager | 6.3.0 | |
| ibm | tivoli_storage_manager | 6.4.0 | |
| apple | mac_os_x | * | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC99211-3DF3-414F-BC31-59286E7C84A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E9FBE6-B342-43BD-BB32-650A87AB8EBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Java GUI Configuration Wizard y Preferences Editor en el cliente del archivo de la copia de seguridad en IBM Tivoli Storage Manager (TSM) 5.x y 6.x anterior a 6.2.5.2, 6.3.x anterior a 6.3.2, y 6.4.x anterior a 6.4.2 en Windows y OS X permite a usuarios locales causar una denegaci\u00f3n de servicio (ca\u00edda o cuelgue de la aplicaci\u00f3n) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0876",
"lastModified": "2024-11-21T02:02:57.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-17T23:55:06.243",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95875"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673318"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91063"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-31 18:24
Modified
2024-11-21 01:01
Severity ?
Summary
Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.3.0 | |
| ibm | tivoli_storage_manager | 5.3.1 | |
| ibm | tivoli_storage_manager | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the \"admin command line.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el servidor en IBM Tivoli Storage Manager (TSM) 5.3.x versiones anteriores a v5.3.2 y 6.x versiones anteriores a v6.1 tiene un impacto desconocido y vectores de ataque relacionados a la \"l\u00ednea de comandos del administrador\"."
}
],
"id": "CVE-2009-1178",
"lastModified": "2024-11-21T01:01:50.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-31T18:24:46.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34498"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021945"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC46744"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC46744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-29 18:00
Modified
2024-11-21 01:21
Severity ?
Summary
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D495CFC-A290-4752-A53B-D5A37C714144",
"versionEndIncluding": "5.3.6.7",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE1FE8D-36F2-4039-B64C-F106F9F86D93",
"versionEndIncluding": "5.4.3.3",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17F20A7F-0BC1-4247-B4F8-F7B1BAF3E237",
"versionEndIncluding": "5.5.2.7",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951E603F-D67E-4607-9D84-064BDB63BF90",
"versionEndIncluding": "6.1.3",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n GeneratePassword en dsmtca (tambi\u00e9n conocido como el Trusted Communications Agent o TCA) en el cliente backup-archive en IBM Tivoli Storage Manager (TSM) v5.3.x anterior a v5.3.6.10, v5.4.x anterior a v5.4.3.4, v5.5.x anterior a v5.5.2.10, y v6.1.x anterior a v6.1.3.1 sobre Unix y Linux permite a usuarios locales obtener privilegios especificando una variable de entorno LANG de gran tama\u00f1o y posteriormente enviando una petici\u00f3n sobre una tuber\u00eda (pipe)."
}
],
"id": "CVE-2010-4604",
"lastModified": "2024-11-21T01:21:20.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-29T18:00:03.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42639"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/15745"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
],
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/515263/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/15745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit"
],
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/515263/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-04 15:30
Modified
2024-11-21 01:08
Severity ?
Summary
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.2.5.3 | |
| ibm | tivoli_storage_manager | 5.3 | |
| ibm | tivoli_storage_manager | 5.3.0 | |
| ibm | tivoli_storage_manager | 5.3.1 | |
| ibm | tivoli_storage_manager | 5.3.2 | |
| ibm | tivoli_storage_manager | 5.3.2.4 | |
| ibm | tivoli_storage_manager | 5.3.3 | |
| ibm | tivoli_storage_manager | 5.3.4 | |
| ibm | tivoli_storage_manager | 5.3.5.1 | |
| ibm | tivoli_storage_manager | 5.3.6.1 | |
| ibm | tivoli_storage_manager | 5.3.6.2 | |
| ibm | tivoli_storage_manager | 5.3.6.3 | |
| ibm | tivoli_storage_manager | 5.3.6.4 | |
| ibm | tivoli_storage_manager | 5.3.6.5 | |
| ibm | tivoli_storage_manager | 5.3.6.6 | |
| ibm | tivoli_storage_manager | 5.4.0 | |
| ibm | tivoli_storage_manager | 5.4.1 | |
| ibm | tivoli_storage_manager | 5.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2585495-DB97-429F-87AC-4C4E92DE305D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en traditional client scheduler en the client en IBM Tivoli Storage Manager (TSM) v5.3 anteriores a v5.3.6.7 y v5.4 anteriores a v5.4.2"
}
],
"id": "CVE-2009-3854",
"lastModified": "2024-11-21T01:08:20.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-04T15:30:00.703",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32534"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023136"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61058"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-12 16:29
Modified
2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10738765 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105940 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148871 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10738765 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105940 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148871 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "314CA0C4-7473-417B-831D-913519497369",
"versionEndIncluding": "8.1.6.0",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32609201-B182-4C8D-91D7-EFE0565B524D",
"versionEndIncluding": "7.1.8.3",
"versionStartIncluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_manager_for_virtual_environments_data_protection_for_vmware:*:*:*:*:*:vmware:*:*",
"matchCriteriaId": "5A68354B-AD73-4331-AC68-9E532790DFCC",
"versionEndIncluding": "8.1.6.0",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:*:*:*:*:*:vmware:*:*",
"matchCriteriaId": "61ACD4F3-BCE5-4BB5-A627-7E4933C24418",
"versionEndIncluding": "7.1.8.3",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments_data_protection_for_hyper-v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03F0CE08-5F5F-4AA0-95E6-EDF015E69A00",
"versionEndIncluding": "8.1.6.0",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_hyper-v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68787BAC-28F8-41D2-A2E2-DBEB57159DB4",
"versionEndIncluding": "7.1.8.0",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
},
{
"lang": "es",
"value": "Los procesos dsmc y dsmcad de IBM Spectrum Protect 7.1 y 8.1 acumulan incorrectamente sockets TCP/IP en un estado CLOSE_WAIT. Esto puede provocar el filtrado del recurso TCP/IP y podr\u00eda resultar en una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 148871."
}
],
"id": "CVE-2018-1786",
"lastModified": "2024-11-21T04:00:22.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-12T16:29:00.280",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105940"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:25
Severity ?
Summary
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5842195D-451A-4BDF-8B5C-9E5C906EC738",
"versionEndIncluding": "5.4.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E4A983-9053-405D-BA3D-BAE8B47A1EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1B6BE3-9554-41DF-A994-82CEAF88BA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E07B8-DB3C-4A99-801C-84C3814BAA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A665E28-2D3D-40DE-AF28-D549F3A37A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31370480-2B9D-44D4-A448-4B441CF59194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0973283F-AD45-4927-88E2-559069C1B0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE93F92-4A7E-436C-8120-3BECC9C7215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67741515-E42C-41CA-8D11-AFFB0D23B7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en caracter\u00edstica de copia de seguridad diaria(JBB o Journal Based Backup) en el archivo de copia de seguridad de IBM Tivoli Storage Manager (TSM), antes de v5.4.3.4, en v5.5.x antes de v5.5.3, en v6.x antes de v6.1.4, y en v6.2.x antes de v6.2.2, en Windows y AIX permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-1222",
"lastModified": "2024-11-21T01:25:49.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-17T20:55:01.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45098"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025741"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77049"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48519"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-04 03:59
Modified
2024-11-21 02:32
Severity ?
Summary
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 6.3.3 | |
| ibm | tivoli_storage_manager | 6.3.4 | |
| ibm | tivoli_storage_manager | 6.3.5 | |
| ibm | tivoli_storage_manager | 6.3.5.1 | |
| ibm | tivoli_storage_manager | 7.1 | |
| ibm | tivoli_storage_manager | 7.1.1 | |
| ibm | tivoli_storage_manager | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E832B30-592B-43F4-B50D-34CABAC61E3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file."
},
{
"lang": "es",
"value": "El componente Reporting and Monitoring en Tivoli Monitoring en IBM Tivoli Storage Manager 6.3 en versiones anteriores a 6.3.6 y 7.1 en versiones anteriores a 7.1.3 en Linux y AIX utiliza permisos de escritura para todos para archivos no especificados, lo que permite a usuarios locales obtener privilegios mediante la escritura en un archivo."
}
],
"id": "CVE-2015-4927",
"lastModified": "2024-11-21T02:32:02.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-04T03:59:03.133",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969340"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034044"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-07 17:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21998946 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21998946 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3 y 7.1 no realiza comprobaci\u00f3n de autoridad suficiente en consultas SQL. Como resultado, un atacante puede enviar consultas SQL que acceden a tablas de bases de datos que no est\u00e1n destinadas para el acceso o uso por administradores. El acceso a estas tablas de bases de datos de productos espec\u00edficas puede permitir acceso a contrase\u00f1as u otra informaci\u00f3n sensible para el producto. Referencia de IBM #: 1998946."
}
],
"id": "CVE-2016-8940",
"lastModified": "2024-11-21T03:00:20.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-07T17:59:00.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2024-11-21 02:55
Severity ?
Summary
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21996198 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95306 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21996198 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95306 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E304158B-6966-495A-9E59-0AB7AF653E8A",
"versionEndIncluding": "7.1.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5999622E-68F7-4273-BAB7-0B07DCB78163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:*:*:*:*:*:vmware:*:*",
"matchCriteriaId": "2A79BA60-E710-4181-8846-75720E84DA2D",
"versionEndIncluding": "7.1.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.0.0:*:*:*:*:vmware:*:*",
"matchCriteriaId": "F0EA6AF4-F907-4F6C-BA9D-0C74CC76D96F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user."
},
{
"lang": "es",
"value": "Tivoli Storage Manager de IBM, revela credenciales de inicio de sesi\u00f3n no cifradas en vCenter de Vmware que podr\u00edan ser obtenidas por un usuario local."
}
],
"id": "CVE-2016-6110",
"lastModified": "2024-11-21T02:55:28.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T22:59:00.667",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95306"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-05 17:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006248 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101107 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006248 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101107 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE445AF2-0110-4BC0-B123-CC4C24F974B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C818A4D8-7F9C-417C-BA94-14F5A8692C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
},
{
"lang": "es",
"value": "IBM Spectrum Protect 7.1 y 8.1 podr\u00eda permitir que un atacante local realice un ataque symlink. IBM Spectrum Protect Backup-archive Client crea archivos temporales de manera no segura. Un atacante local podr\u00eda explotar esta vulnerabilidad creando un enlace simb\u00f3lico de un archivo temporal a varios archivos del sistema, lo que podr\u00eda permitir que el atacante sobrescriba archivos arbitrarios en el sistema con privilegios elevados. IBM X-Force ID: 125163."
}
],
"id": "CVE-2017-1301",
"lastModified": "2024-11-21T03:21:40.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T17:29:00.297",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-03 21:59
Modified
2024-11-21 02:49
Severity ?
Summary
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D9816F-5D2A-4B2B-A654-16B4AE04B88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F41474E8-A930-43D1-8F4D-E6C219B6DB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "175D813D-9D9E-4FC6-984F-0E31ED4101C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C2CB3F-61A9-4970-B043-11A105B2D439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66CC6409-5ADA-450E-B486-8E1D8F97DBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D789F756-2B42-4C39-94ED-AEC0A82FE119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7660C8A-2C6A-4AA1-95DB-DA6F4BA7A821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99AF4A3C-759F-41C4-B471-C2D63409919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC99211-3DF3-414F-BC31-59286E7C84A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4D3E9E-144A-4F7C-973A-F7FBE0776FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E9FBE6-B342-43BD-BB32-650A87AB8EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE5B74B-4D98-42E2-A011-02E6D473F3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FC5E0D-997F-4256-8575-E7507D418BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6E5BDA-9DBD-4143-882C-F4BA3ADA1595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A66CACC2-73DA-4814-ABA2-19DB74A2ECBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30E46E24-AABB-455C-BCBE-752E2C0E5BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D6506496-40CE-4558-ACCC-363AB9675C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E832B30-592B-43F4-B50D-34CABAC61E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions."
},
{
"lang": "es",
"value": "IBM Spectrum Protect (anteriormente Tivoli Storage Manager) 5.5 hasta la versi\u00f3n 6.3 en versiones anteriores a 6.3.2.6, 6.4 en versiones anteriores a 6.4.3.3 y 7.1 en versiones anteriores a 7.1.6 permite a usuarios locales obtener datos sensibles recuperados de cuentas arbitrarias en circunstancias oportunistas aprovechando un uso anterior de un symlink durante acciones de archivo y recuperaci\u00f3n."
}
],
"id": "CVE-2016-2894",
"lastModified": "2024-11-21T02:49:00.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T21:59:14.150",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985579"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/91534"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1036220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036220"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-05 17:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007936 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101113 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1039498 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007936 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101113 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039498 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.100:*:*:*:*:*:*:*",
"matchCriteriaId": "4717F07E-B1B0-4F90-9ECF-DD08E3E94D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.200:*:*:*:*:*:*:*",
"matchCriteriaId": "13B7B79B-C85C-4CF6-BBBF-DB00D857BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB2B65F-A847-47E9-85D9-C42EC7F7F901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0587F4BC-4B77-42A1-BA13-296C6CD41355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
},
{
"lang": "es",
"value": "El servidor de IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) utiliza un cifrado de contrase\u00f1a d\u00e9bil. Un administrador de la base de datos podr\u00eda descifrar la contrase\u00f1a del cliente o administrador de IBM Spectrum Protect, pudiendo provocar que se divulgue informaci\u00f3n o una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 126247."
}
],
"id": "CVE-2017-1339",
"lastModified": "2024-11-21T03:21:44.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T17:29:00.327",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-06 20:15
Modified
2024-11-21 05:22
Severity ?
Summary
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py | Exploit, Third Party Advisory | |
| cve@mitre.org | https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "335583D7-12D1-46BB-AC8A-8369B7E13D35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGNO ** El par\u00e1metro \"id\" de IBM Tivoli Storage Manager Versi\u00f3n 5 Release 2 (Interfaz Administrativa de L\u00ednea de Comandos, dsmadmc.exe) es vulnerable a un desbordamiento del b\u00fafer de la pila explotable.\u0026#xa0;Nota: la vulnerabilidad puede ser explotada cuando es usado en modo \"interactive\" mientras que, debido a una limitaci\u00f3n del n\u00famero m\u00e1ximo de caracteres, no puede ser explotado en el uso por lotes o en la l\u00ednea de comandos (por ejemplo, dsmadmc.exe -id=username -password=pwd) .\u0026#xa0;NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor"
}
],
"id": "CVE-2020-28198",
"lastModified": "2024-11-21T05:22:27.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-06T20:15:09.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-26 10:55
Modified
2024-11-21 01:59
Severity ?
Summary
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://secunia.com/advisories/60482 | Third Party Advisory | |
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095 | Broken Link | |
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21680453 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/89054 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60482 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21680453 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/89054 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| ibm | tivoli_storage_manager | * | |
| hp | hp-ux | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89B4022B-3080-418B-8DD9-3ED135B87876",
"versionEndExcluding": "6.2.5.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1FDA6C-A387-4DC6-BCBE-7100023AB999",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88F7C47-1250-407A-95F8-84B2CDD2AC92",
"versionEndExcluding": "6.4.2",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7B18F8-C8C3-4843-90D7-E33121382017",
"versionEndExcluding": "7.1.0.3",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "309050A8-60A5-408E-A1AA-98484F0AC9E5",
"versionEndExcluding": "6.1.5.6",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."
},
{
"lang": "es",
"value": "El cliente Backup-Archive en IBM Tivoli Storage Manager (TSM) for Space Management 5.x y 6.x anterior a 6.2.5.3, 6.3.x anterior a 6.3.2, 6.4.x anterior a 6.4.2, y 7.1.x anterior a 7.1.0.3 en Linux y AIX, y 5.x y 6.x anterior a 6.1.5.6 en Solaris y HP-UX, no conserva los permisos de ficheros durante operaciones de copia de seguridad y restauraci\u00f3n, lo que permite a usuarios locales evadir las restricciones de acceso a trav\u00e9s de operaciones est\u00e1ndar del sistema de ficheros."
}
],
"id": "CVE-2013-6335",
"lastModified": "2024-11-21T01:59:01.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-26T10:55:04.073",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60482"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-281"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 02:55
Severity ?
Summary
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995754 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95090 | Technical Description, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995754 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95090 | Technical Description, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 6.4.1 | |
| ibm | tivoli_storage_manager | 6.4.1.1 | |
| ibm | tivoli_storage_manager | 6.4.2 | |
| ibm | tivoli_storage_manager | 6.4.2.1 | |
| ibm | tivoli_storage_manager | 6.4.2.2 | |
| ibm | tivoli_storage_manager | 6.4.2.3 | |
| ibm | tivoli_storage_manager | 6.4.2.4 | |
| ibm | tivoli_storage_manager | 7.1 | |
| ibm | tivoli_storage_manager | 7.1.0.1 | |
| ibm | tivoli_storage_manager | 7.1.0.2 | |
| ibm | tivoli_storage_manager | 7.1.1.1 | |
| ibm | tivoli_storage_manager | 7.1.1.2 | |
| ibm | tivoli_storage_manager | 7.1.3 | |
| ibm | tivoli_storage_manager | 7.1.3.1 | |
| ibm | tivoli_storage_manager | 7.1.3.2 | |
| ibm | tivoli_storage_manager | 7.1.4 | |
| ibm | tivoli_storage_manager | 7.1.4.1 | |
| ibm | tivoli_storage_manager | 7.1.4.2 | |
| ibm | tivoli_storage_manager | 7.1.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC31A7A-CFFB-4590-B6B4-494F1005E4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1864921-DA58-433F-8DFE-BF1E25B02C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A89E630-36F0-4807-B4B0-C53FFB636497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7B9E69-407D-48E2-B49F-1C9263C052F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced."
},
{
"lang": "es",
"value": "Tivoli Storage Manager Operations Center podr\u00eda permitir a un usuario local asumir el control de un usuario previamente registrado debido a que la expiraci\u00f3n de sesi\u00f3n no est\u00e1 forzada."
}
],
"id": "CVE-2016-6043",
"lastModified": "2024-11-21T02:55:23.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:01.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Technical Description",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95090"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 3.1.0 | |
| ibm | tivoli_storage_manager | 3.2.1 | |
| veritas | bare_metal_restore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6642D8F1-3F9B-4613-A343-B3D4E9849CD9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06E6F6FA-77B8-4FFD-B7B2-6206651BBEAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:veritas:bare_metal_restore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB26CBEA-EF79-439A-8943-34BF416C4E54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server."
}
],
"id": "CVE-2003-1361",
"lastModified": "2024-11-20T23:46:57.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seer.support.veritas.com/docs/252933.htm"
},
{
"source": "cve@mitre.org",
"url": "http://seer.support.veritas.com/docs/254442.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6928"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seer.support.veritas.com/docs/252933.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seer.support.veritas.com/docs/254442.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11418"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-04 15:30
Modified
2024-11-21 01:08
Severity ?
Summary
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.2.5.3 | |
| ibm | tivoli_storage_manager | 5.3 | |
| ibm | tivoli_storage_manager | 5.3.0 | |
| ibm | tivoli_storage_manager | 5.3.1 | |
| ibm | tivoli_storage_manager | 5.3.2 | |
| ibm | tivoli_storage_manager | 5.3.2.4 | |
| ibm | tivoli_storage_manager | 5.3.3 | |
| ibm | tivoli_storage_manager | 5.3.3 | |
| ibm | tivoli_storage_manager | 5.3.4 | |
| ibm | tivoli_storage_manager | 5.3.4 | |
| ibm | tivoli_storage_manager | 5.3.5 | |
| ibm | tivoli_storage_manager | 5.3.5.1 | |
| ibm | tivoli_storage_manager | 5.3.6 | |
| ibm | tivoli_storage_manager | 5.3.6.1 | |
| ibm | tivoli_storage_manager | 5.3.6.2 | |
| ibm | tivoli_storage_manager | 5.3.6.3 | |
| ibm | tivoli_storage_manager | 5.3.6.4 | |
| ibm | tivoli_storage_manager | 5.3.6.5 | |
| ibm | tivoli_storage_manager | 5.3.6.6 | |
| ibm | tivoli_storage_manager | 5.3.6.6 | |
| ibm | tivoli_storage_manager | 5.4.0 | |
| ibm | tivoli_storage_manager | 5.4.1 | |
| ibm | tivoli_storage_manager | 5.4.2 | |
| ibm | tivoli_storage_manager | 5.5.0 | |
| ibm | tivoli_storage_manager | 5.5.1 | |
| ibm | tivoli_storage_manager | 5.5.2 | |
| ibm | tivoli_storage_manager | 6.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2585495-DB97-429F-87AC-4C4E92DE305D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:express:*:*:*:*:*",
"matchCriteriaId": "594F4C0E-BAF1-4B28-A21C-8608E1365592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:express:*:*:*:*:*",
"matchCriteriaId": "F1898001-E7E8-4B77-96DD-3B4FE70CF4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5:*:express:*:*:*:*:*",
"matchCriteriaId": "2EA1B92E-A7C9-4AEA-A180-2DC766DC5A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6:*:express:*:*:*:*:*",
"matchCriteriaId": "91D9B30D-F3CF-4E43-BF8E-A16CA3138AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:express:*:*:*:*:*",
"matchCriteriaId": "E6252B18-7599-4401-AFDC-28C241D8DFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el planificador del demonio de aceptaci\u00f3n de cliente (CAD) en el cliente en Tivoli Storage Manager (TSM) versiones 5.3 anteriores a 5.3.6.7, versiones 5.4 anteriores a 5.4.3, versiones 5.5 anteriores a 5.5.2.2, y versiones 6.1 anteriores a 6.1.0.2, y TSM Express versiones 5.3.3.0 hasta 5.3.6.6, de IBM, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de datos especialmente dise\u00f1ados en un paquete TCP."
}
],
"id": "CVE-2009-3853",
"lastModified": "2024-11-21T01:08:20.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-04T15:30:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32534"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/secunia_research/2008-51/"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023136"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/secunia_research/2008-51/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 4.2 | |
| ibm | tivoli_storage_manager | 4.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E4A983-9053-405D-BA3D-BAE8B47A1EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1B6BE3-9554-41DF-A994-82CEAF88BA90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Tivoli Storage Manager TSM :\r\n\r\nServer o Storage Agents 3.1 a la 5.1\r\nTSM Client Acceptor Service 4.2 y 5.1\r\n\r\npermite a atacantes remotos realizar un ataque de Denegaci\u00f3n de Servicio (caida) y posiblemente la ejecuci\u00f3n de c\u00f3digo arbitrario mediante una petici\u00f3n HTTP GET larga a los puertos 1580 o 1581."
}
],
"id": "CVE-2002-0541",
"lastModified": "2024-11-20T23:39:19.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/267143"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8817.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8825.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4492"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4500"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.tivoli.com/support/storage_mgr/flash_httpport.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/267143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8817.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8825.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.tivoli.com/support/storage_mgr/flash_httpport.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-21 04:35
Modified
2024-11-21 01:47
Severity ?
Summary
The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B03B94E-62C9-457F-BC95-5F97EADAEE8A",
"versionEndIncluding": "6.2.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6642D8F1-3F9B-4613-A343-B3D4E9849CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06E6F6FA-77B8-4FFD-B7B2-6206651BBEAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E4A983-9053-405D-BA3D-BAE8B47A1EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1B6BE3-9554-41DF-A994-82CEAF88BA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6454A8C4-407C-455F-8922-D7D703C52245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40C35632-F7D5-494A-BE62-2DB121ED6234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "62532061-2092-481A-B699-4EA1500F80D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7FD0D2-E106-4152-AF87-0E8BEE44DDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41A50035-DA7C-4F8F-B36A-3C5194098F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6521E9-3106-49F6-84DF-66FFE47BDAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A6731C-74A9-4FA9-8F2B-66D5F623151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1464DB-B192-4459-9C6D-34E8213CDC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "79B76B2B-D92E-4000-8779-87C01BE55E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8452AD-9871-4BDC-8302-EB6CD86A0C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA28A2C9-21A0-48E2-88DD-C2336D990523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256AFD08-1918-46D6-9A7A-AE50ACDE9347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA451EA-3F6E-4063-99E2-0D1D6950CC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4E3EAE-A032-4A42-91C9-5D1E1CC048B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "58353CBA-C09A-4F19-BDE4-D0243AEF3213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E07B8-DB3C-4A99-801C-84C3814BAA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C40A61-30E2-4FD4-A29B-715981201F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2585495-DB97-429F-87AC-4C4E92DE305D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A665E28-2D3D-40DE-AF28-D549F3A37A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31370480-2B9D-44D4-A448-4B441CF59194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0973283F-AD45-4927-88E2-559069C1B0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5A77C9-AB75-4133-8441-9BEE8591A717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C19266-CDED-4DC0-8B50-560BA3B5DAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE93F92-4A7E-436C-8120-3BECC9C7215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67741515-E42C-41CA-8D11-AFFB0D23B7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D01ED5FF-D648-4B94-A555-D702804079D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD18D39-DA8A-4C58-A18B-14EB6BEFBFDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "476EE4EA-A032-49EF-9A4C-37D8AD642130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "705A5381-AEA6-4FA2-B0EC-AD5F9E4FC985",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAADE980-DC7D-4A3A-A0C4-B03EF08B3CBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors."
},
{
"lang": "es",
"value": "El planificador tradicional en el cliente de IBM Tivoli Storage Manager (TSM) antes de v6.2.5.0, v6.3.1.0 antes de v6.3 y v6.4 antes de v6.4.0.1, cuando la modalidad de petici\u00f3n est\u00e1 activada, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n de la programaci\u00f3n) a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2013-0471",
"lastModified": "2024-11-21T01:47:38.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-21T04:35:51.907",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87331"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624135"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81215"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-24 18:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 7.1.1 | |
| ibm | tivoli_storage_manager | 7.1.1.1 | |
| ibm | tivoli_storage_manager | 7.1.1.2 | |
| ibm | tivoli_storage_manager | 7.1.1.100 | |
| ibm | tivoli_storage_manager | 7.1.1.200 | |
| ibm | tivoli_storage_manager | 7.1.1.300 | |
| ibm | tivoli_storage_manager | 7.1.3 | |
| ibm | tivoli_storage_manager | 7.1.3.000 | |
| ibm | tivoli_storage_manager | 7.1.3.1 | |
| ibm | tivoli_storage_manager | 7.1.3.2 | |
| ibm | tivoli_storage_manager | 7.1.3.100 | |
| ibm | tivoli_storage_manager | 7.1.4 | |
| ibm | tivoli_storage_manager | 7.1.4.1 | |
| ibm | tivoli_storage_manager | 7.1.4.2 | |
| ibm | tivoli_storage_manager | 7.1.5 | |
| ibm | tivoli_storage_manager | 7.1.5.200 | |
| ibm | tivoli_storage_manager | 7.1.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager Server 7.1 podr\u00eda permitir a un usuario autenticado con privilegios de administrador TSM provocar un desbordamiento de b\u00fafer utilizando una consulta SQL especialmente manipulada y ejecutar c\u00f3digo arbitrario en el servidor. Referencia de IBM: 1998747."
}
],
"id": "CVE-2016-8998",
"lastModified": "2024-11-21T03:00:24.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-24T18:59:00.147",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/96443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96443"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-05 19:29
Modified
2024-11-21 03:00
Severity ?
Summary
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21998166 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/98335 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21998166 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98335 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E93A755E-9963-43A1-9DE4-1565703674B3",
"versionEndIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAADE980-DC7D-4A3A-A0C4-B03EF08B3CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3328F090-7A1A-43B8-B939-90EC559F872E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57D90ED4-C733-4E20-952A-109F1324FC63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF86F65-0CC1-4525-814F-4DF9C9C285BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager en versiones 5.5, 6.1-6.4, y 7.1 almacena informaci\u00f3n de contrase\u00f1as en un fichero de log que puede ser le\u00eddo por un usuario local cuando se ejecuta un comando set passsword. IBM X-Force ID: 118472."
}
],
"id": "CVE-2016-8916",
"lastModified": "2024-11-21T03:00:17.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-05T19:29:00.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98335"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 02:55
Severity ?
Summary
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995754 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95093 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995754 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95093 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 6.4.1 | |
| ibm | tivoli_storage_manager | 6.4.1.1 | |
| ibm | tivoli_storage_manager | 6.4.2 | |
| ibm | tivoli_storage_manager | 6.4.2.1 | |
| ibm | tivoli_storage_manager | 6.4.2.2 | |
| ibm | tivoli_storage_manager | 6.4.2.3 | |
| ibm | tivoli_storage_manager | 6.4.2.4 | |
| ibm | tivoli_storage_manager | 7.1 | |
| ibm | tivoli_storage_manager | 7.1.0.1 | |
| ibm | tivoli_storage_manager | 7.1.0.2 | |
| ibm | tivoli_storage_manager | 7.1.1.1 | |
| ibm | tivoli_storage_manager | 7.1.1.2 | |
| ibm | tivoli_storage_manager | 7.1.3 | |
| ibm | tivoli_storage_manager | 7.1.3.1 | |
| ibm | tivoli_storage_manager | 7.1.3.2 | |
| ibm | tivoli_storage_manager | 7.1.4 | |
| ibm | tivoli_storage_manager | 7.1.4.1 | |
| ibm | tivoli_storage_manager | 7.1.4.2 | |
| ibm | tivoli_storage_manager | 7.1.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC31A7A-CFFB-4590-B6B4-494F1005E4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1864921-DA58-433F-8DFE-BF1E25B02C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A89E630-36F0-4807-B4B0-C53FFB636497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7B9E69-407D-48E2-B49F-1C9263C052F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager Operations Center es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
}
],
"id": "CVE-2016-6046",
"lastModified": "2024-11-21T02:55:23.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:01.973",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95093"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-15 02:59
Modified
2024-11-21 02:36
Severity ?
Summary
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.5.0.0 | |
| ibm | tivoli_storage_manager | 6.1.0.0 | |
| ibm | tivoli_storage_manager | 6.2.0.0 | |
| ibm | tivoli_storage_manager | 6.3.3.0 | |
| ibm | tivoli_storage_manager | 6.3.4.0 | |
| ibm | tivoli_storage_manager | 6.3.5.0 | |
| ibm | tivoli_storage_manager | 7.1.0.0 | |
| ibm | tivoli_storage_manager | 7.1.0.1 | |
| ibm | tivoli_storage_manager | 7.1.0.2 | |
| ibm | tivoli_storage_manager | 7.1.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7176DF47-ECA5-4B7B-96E7-D1BE0C247E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1454B08E-F417-4746-A8ED-E1C120DFEA98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "476EE4EA-A032-49EF-9A4C-37D8AD642130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36868EC3-6E63-4309-AD58-F1AE83951FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC69F2F4-0DD3-4BD8-8591-F0BCD99FBD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09BD0061-3DB5-4479-8624-4242FB1AF42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5999622E-68F7-4273-BAB7-0B07DCB78163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."
},
{
"lang": "es",
"value": "El servidor en IBM Spectrum Protect (tambi\u00e9n conocido como Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.5.1 y 7.x en versiones anteriores a 7.1.4 no restringe adecuadamente el uso de la opci\u00f3n ASNODENAME, lo que permite a atacantes remotos leer o escribir en datos de copia de seguridad mediante el aprovechamiento de la autoridad proxy."
}
],
"id": "CVE-2015-7408",
"lastModified": "2024-11-21T02:36:44.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-15T02:59:10.450",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-31 18:24
Modified
2024-11-20 23:54
Severity ?
Summary
The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 4.2 | |
| ibm | tivoli_storage_manager | 4.2.1 | |
| ibm | tivoli_storage_manager | 4.2.2 | |
| ibm | tivoli_storage_manager | 4.2.3 | |
| ibm | tivoli_storage_manager | 4.2.4 | |
| ibm | mvs | * | |
| ibm | tivoli_storage_manager | 5.1.0 | |
| ibm | tivoli_storage_manager | 5.1.1 | |
| ibm | tivoli_storage_manager | 5.1.5 | |
| ibm | tivoli_storage_manager | 5.1.6 | |
| ibm | tivoli_storage_manager | 5.1.7 | |
| ibm | tivoli_storage_manager | 5.1.8 | |
| ibm | tivoli_storage_manager | 5.1.9 | |
| ibm | tivoli_storage_manager | 5.2.0 | |
| ibm | tivoli_storage_manager | 5.2.1 | |
| ibm | tivoli_storage_manager | 5.2.2 | |
| ibm | tivoli_storage_manager | 5.3 | |
| ibm | tivoli_storage_manager | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E4A983-9053-405D-BA3D-BAE8B47A1EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1B6BE3-9554-41DF-A994-82CEAF88BA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6454A8C4-407C-455F-8922-D7D703C52245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40C35632-F7D5-494A-BE62-2DB121ED6234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "62532061-2092-481A-B699-4EA1500F80D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:mvs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EE559C-A63D-49F1-BA38-912E2018EF3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7FD0D2-E106-4152-AF87-0E8BEE44DDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41A50035-DA7C-4F8F-B36A-3C5194098F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6521E9-3106-49F6-84DF-66FFE47BDAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A6731C-74A9-4FA9-8F2B-66D5F623151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1464DB-B192-4459-9C6D-34E8213CDC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "79B76B2B-D92E-4000-8779-87C01BE55E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256AFD08-1918-46D6-9A7A-AE50ACDE9347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA451EA-3F6E-4063-99E2-0D1D6950CC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4E3EAE-A032-4A42-91C9-5D1E1CC048B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1."
},
{
"lang": "es",
"value": "El servidor en IBM Tivoli Storage Manager (TSM) 4.2.x en MVS, 5.1.9.x versiones anteriores a v5.1.9.1, 5.1.x versiones anteriores a v5.1.10, 5.2.2.x versiones anteriores a v5.2.2.3, 5.2.x versiones anteriores a v5.2.3, 5.3.x versiones anteriores a v5.3.0, y 6.x versiones anteriores a v6.1, cuando el m\u00e9todo de comunicaci\u00f3n HTTP est\u00e1 activo, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio o cuelgue) a trav\u00e9s de tr\u00e1fico HTTP sin especificar, como lo demostrador por el esc\u00e1ner de puertos de IBM v1.3.1."
}
],
"id": "CVE-2004-2762",
"lastModified": "2024-11-20T23:54:09.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-31T18:24:45.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34498"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021946"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC39395"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC39395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49535"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-31 18:24
Modified
2024-11-20 23:47
Severity ?
Summary
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.1.0 | |
| ibm | tivoli_storage_manager | 5.1.1 | |
| ibm | tivoli_storage_manager | 5.1.5 | |
| ibm | tivoli_storage_manager | 5.1.6 | |
| ibm | tivoli_storage_manager | 5.1.7 | |
| ibm | tivoli_storage_manager | 5.1.8 | |
| ibm | tivoli_storage_manager | 5.1.9 | |
| ibm | tivoli_storage_manager | 5.1.10 | |
| ibm | tivoli_storage_manager | 5.2.0 | |
| ibm | tivoli_storage_manager | 5.2.1 | |
| ibm | tivoli_storage_manager | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7FD0D2-E106-4152-AF87-0E8BEE44DDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41A50035-DA7C-4F8F-B36A-3C5194098F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6521E9-3106-49F6-84DF-66FFE47BDAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A6731C-74A9-4FA9-8F2B-66D5F623151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1464DB-B192-4459-9C6D-34E8213CDC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "79B76B2B-D92E-4000-8779-87C01BE55E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8452AD-9871-4BDC-8302-EB6CD86A0C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256AFD08-1918-46D6-9A7A-AE50ACDE9347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA451EA-3F6E-4063-99E2-0D1D6950CC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to \"session exposure.\""
},
{
"lang": "es",
"value": "El servidor en IBM Tivoli Storage Manager (TSM) v5.1.x, v5.2.x anteriores a v5.2.1.2, y v6.x anteriores a v6.1, no requiere credenciales para ver la consola del servidor en algunas circunstancias, lo que permite a administradores autenticados en remoto monitorizar las operaciones del servidor estableciendo una sesi\u00f3n en modo consola, relativo a una \"exposici\u00f3n de sesi\u00f3n\". \r\n"
}
],
"id": "CVE-2003-1570",
"lastModified": "2024-11-20T23:47:27.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-31T18:24:44.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34498"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021947"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49536"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-04 10:44
Modified
2024-11-21 01:52
Severity ?
Summary
Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC99211-3DF3-414F-BC31-59286E7C84A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C814F85-646E-42A2-95EA-F75A4331FBC2",
"versionEndIncluding": "5.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7FD0D2-E106-4152-AF87-0E8BEE44DDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41A50035-DA7C-4F8F-B36A-3C5194098F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6521E9-3106-49F6-84DF-66FFE47BDAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A6731C-74A9-4FA9-8F2B-66D5F623151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1464DB-B192-4459-9C6D-34E8213CDC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "79B76B2B-D92E-4000-8779-87C01BE55E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8452AD-9871-4BDC-8302-EB6CD86A0C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA28A2C9-21A0-48E2-88DD-C2336D990523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "256AFD08-1918-46D6-9A7A-AE50ACDE9347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA451EA-3F6E-4063-99E2-0D1D6950CC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4E3EAE-A032-4A42-91C9-5D1E1CC048B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "58353CBA-C09A-4F19-BDE4-D0243AEF3213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E07B8-DB3C-4A99-801C-84C3814BAA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C40A61-30E2-4FD4-A29B-715981201F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2585495-DB97-429F-87AC-4C4E92DE305D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A665E28-2D3D-40DE-AF28-D549F3A37A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31370480-2B9D-44D4-A448-4B441CF59194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0973283F-AD45-4927-88E2-559069C1B0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5A77C9-AB75-4133-8441-9BEE8591A717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C19266-CDED-4DC0-8B50-560BA3B5DAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE93F92-4A7E-436C-8120-3BECC9C7215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67741515-E42C-41CA-8D11-AFFB0D23B7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D01ED5FF-D648-4B94-A555-D702804079D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD18D39-DA8A-4C58-A18B-14EB6BEFBFDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F41474E8-A930-43D1-8F4D-E6C219B6DB0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99AF4A3C-759F-41C4-B471-C2D63409919A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "Buffer overflow en dsmtca en IBM Tivoli Storage Manager (TSM) hasta la versi\u00f3n 5.5.4.0, 6.1.0 hasta la versi\u00f3n 6.1.5.4, 6.2.0 hasta la versi\u00f3n de 6.2.4.7, y 6.3.0 hasta la versi\u00f3n 6.3.0.17 a trav\u00e9s de UNIX y Linux que permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2964",
"lastModified": "2024-11-21T01:52:45.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-04T10:44:06.820",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96517"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651120"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83760"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-29 18:00
Modified
2024-11-21 01:21
Severity ?
Summary
Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C19266-CDED-4DC0-8B50-560BA3B5DAC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el cliente de copia de seguridad de archivos en IBM Tivoli Storage Manager (TSM) v5.3.x anteriores a v5.3.6.10, v5.4.3.4 anterior a v5.4.x, v5.5.x anteriores a v5.5.3, v6.1.x anteriores a v6.1.4, y v6.2.x anteirores a v6.2.2 en Unix y Linux permite a usuarios locales sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-4605",
"lastModified": "2024-11-21T01:21:20.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-29T18:00:03.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://secunia.com/advisories/42639"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry",
"URL Repurposed"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://secunia.com/advisories/42639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry",
"URL Repurposed"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-13 02:59
Modified
2024-11-21 02:10
Severity ?
Summary
Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F956AF3F-0BDF-4F4B-AB29-418C39BEC8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0642EDE5-7EBF-4FA3-9432-F82FE76EF9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C19266-CDED-4DC0-8B50-560BA3B5DAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE93F92-4A7E-436C-8120-3BECC9C7215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67741515-E42C-41CA-8D11-AFFB0D23B7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D01ED5FF-D648-4B94-A555-D702804079D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E7EE1688-765E-4CF7-A496-E24A97DA7D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "185BA044-EBFF-4A89-AE3B-D5F6961A417D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F41474E8-A930-43D1-8F4D-E6C219B6DB0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "175D813D-9D9E-4FC6-984F-0E31ED4101C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C2CB3F-61A9-4970-B043-11A105B2D439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66CC6409-5ADA-450E-B486-8E1D8F97DBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D789F756-2B42-4C39-94ED-AEC0A82FE119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "476EE4EA-A032-49EF-9A4C-37D8AD642130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9311DE26-75E2-4588-858E-38497D7A8984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99AF4A3C-759F-41C4-B471-C2D63409919A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "705A5381-AEA6-4FA2-B0EC-AD5F9E4FC985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "335EAE82-7CC6-4420-BCD1-81FD54FD60ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C31C57-90BD-46E7-A1C8-A73F72D81BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B485D043-6865-4BA3-A3F9-DDC803495A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAADE980-DC7D-4A3A-A0C4-B03EF08B3CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BF5A53-0FEE-49E2-B2C2-918ECBB36256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en el cliente en IBM Tivoli Storage Manager (TSM) 5.4.0.0 hasta 5.4.3.6, 5.5.0.0 hasta 5.5.4.3, 6.1.0.0 hasta 6.1.5.6, 6.2 anterior a 6.2.5.4, 6.3 anterior a 6.3.2.3, 6.4 anterior a 6.4.2.1, y 7.1 anterior a 7.1.1 en UNIX y Linux permite a usuarios locales obtener privilegios root a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-4813",
"lastModified": "2024-11-21T02:10:54.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-13T02:59:03.533",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04140"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695652"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95389"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 02:55
Severity ?
Summary
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21995754 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95087 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21995754 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95087 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 6.4.1 | |
| ibm | tivoli_storage_manager | 6.4.1.1 | |
| ibm | tivoli_storage_manager | 6.4.2 | |
| ibm | tivoli_storage_manager | 6.4.2.1 | |
| ibm | tivoli_storage_manager | 6.4.2.2 | |
| ibm | tivoli_storage_manager | 6.4.2.3 | |
| ibm | tivoli_storage_manager | 6.4.2.4 | |
| ibm | tivoli_storage_manager | 7.1 | |
| ibm | tivoli_storage_manager | 7.1.0.1 | |
| ibm | tivoli_storage_manager | 7.1.0.2 | |
| ibm | tivoli_storage_manager | 7.1.1.1 | |
| ibm | tivoli_storage_manager | 7.1.1.2 | |
| ibm | tivoli_storage_manager | 7.1.3 | |
| ibm | tivoli_storage_manager | 7.1.3.1 | |
| ibm | tivoli_storage_manager | 7.1.3.2 | |
| ibm | tivoli_storage_manager | 7.1.4 | |
| ibm | tivoli_storage_manager | 7.1.4.1 | |
| ibm | tivoli_storage_manager | 7.1.4.2 | |
| ibm | tivoli_storage_manager | 7.1.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC31A7A-CFFB-4590-B6B4-494F1005E4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1864921-DA58-433F-8DFE-BF1E25B02C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A89E630-36F0-4807-B4B0-C53FFB636497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7B9E69-407D-48E2-B49F-1C9263C052F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
},
{
"lang": "es",
"value": "IBM Tivoli Storage Manager Operations Center es vulnerable a la falsificaci\u00f3n de solicitudes de sitios cruzados que podr\u00edan permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario que conf\u00eda en el sitio web."
}
],
"id": "CVE-2016-6045",
"lastModified": "2024-11-21T02:55:23.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:01.940",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95087"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-07 17:29
Modified
2024-11-21 03:00
Severity ?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "834EBEBA-70E1-4089-A064-6BBFAD50D1CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.100:*:*:*:*:*:*:*",
"matchCriteriaId": "4717F07E-B1B0-4F90-9ECF-DD08E3E94D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7.200:*:*:*:*:*:*:*",
"matchCriteriaId": "13B7B79B-C85C-4CF6-BBBF-DB00D857BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB2B65F-A847-47E9-85D9-C42EC7F7F901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "0587F4BC-4B77-42A1-BA13-296C6CD41355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
},
{
"lang": "es",
"value": "Clientes y agentes de Tivoli Storage Manager de IBM (Spectrum Protect versiones 7.1 y 8.1 de IBM), almacenan informaci\u00f3n de contrase\u00f1as en el Registro Windows de una manera que pueda verse comprometida. ID de IBM X-Force: 118790."
}
],
"id": "CVE-2016-8939",
"lastModified": "2024-11-21T03:00:20.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-07T17:29:00.617",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1038607"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
},
{
"source": "psirt@us.ibm.com",
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://improsec.com/blog/vulnerability-in-tsm"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-04 15:30
Modified
2024-11-21 01:08
Severity ?
Summary
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 5.2.5.3 | |
| ibm | tivoli_storage_manager | 5.3 | |
| ibm | tivoli_storage_manager | 5.3.0 | |
| ibm | tivoli_storage_manager | 5.3.1 | |
| ibm | tivoli_storage_manager | 5.3.2 | |
| ibm | tivoli_storage_manager | 5.3.2.4 | |
| ibm | tivoli_storage_manager | 5.3.3 | |
| ibm | tivoli_storage_manager | 5.3.4 | |
| ibm | tivoli_storage_manager | 5.3.5.1 | |
| ibm | tivoli_storage_manager | 5.3.6.1 | |
| ibm | tivoli_storage_manager | 5.3.6.2 | |
| ibm | tivoli_storage_manager | 5.3.6.3 | |
| ibm | tivoli_storage_manager | 5.3.6.4 | |
| ibm | tivoli_storage_manager | 5.3.6.5 | |
| ibm | tivoli_storage_manager | 5.4.0 | |
| ibm | tivoli_storage_manager | 5.4.1 | |
| ibm | tivoli_storage_manager | 5.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2585495-DB97-429F-87AC-4C4E92DE305D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "801CCEC1-8DED-41C4-B6D2-38E4BEC74EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93FCB242-C35B-4CDB-AE62-3CA5D312586B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "930B5AE2-CA47-47D7-96DE-F2B9F70337C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAA5227-C1F5-48C1-A207-096F228E305E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11E968D1-8198-4686-BFDD-8499CB435B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades sin especificar en (1) UNIX y (2) clientes Linux backup-archive, y (3)el cliente API de OS/400, en IBM Tivoli Storage Manager (TSM) v5.3 anteriores a v5.3.6.6, v5.4 anteriores a v5.4.2, y v5.5 anteriores a v5.5.1,"
}
],
"id": "CVE-2009-3855",
"lastModified": "2024-11-21T01:08:20.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-04T15:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32534"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC54489"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC54489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-06 20:28
Modified
2024-11-21 00:22
Severity ?
Summary
Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | 5.3.0 | |
| ibm | tivoli_storage_manager | 5.3.1 | |
| ibm | tivoli_storage_manager | 5.3.2 | |
| ibm | tivoli_storage_manager | 5.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7002846-BDFD-4866-9CC4-329FE7636F5B",
"versionEndIncluding": "5.2.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855."
},
{
"lang": "es",
"value": "M\u00faltiples errores de \u00edndice de array en IBM Tivoli Storage Manager (TSM) anterior a 5.2.9 y 5.3.x anterior a 5.3.4 permite a atacantes remotos leer localizaciones arbitrarias de memoria y provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un valor de \u00edndice grande en mensajes no especificados, un asunto diferente que CVE-2006-5855."
}
],
"id": "CVE-2006-6309",
"lastModified": "2024-11-21T00:22:24.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-06T20:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1979"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 21:59
Modified
2024-11-21 02:41
Severity ?
Summary
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21985114 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/94148 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21985114 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94148 | Broken Link, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | * | |
| apple | mac_os_x | - | |
| hp | hp-ux | - | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - | |
| ibm | tivoli_storage_manager | * | |
| apple | mac_os_x | - | |
| hp | hp-ux | - | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - | |
| ibm | tivoli_storage_manager | * | |
| apple | mac_os_x | - | |
| hp | hp-ux | - | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| oracle | solaris | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "119D7C39-ECBA-455E-A353-47F0D4CEDC08",
"versionEndIncluding": "7.1.6.2",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E70A4ED-6C7B-4861-95A5-A4F6C06D6C05",
"versionEndIncluding": "6.4.3.3",
"versionStartIncluding": "6.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "833798D5-DDAC-44FE-9B34-61DFDD9F5A6D",
"versionEndIncluding": "6.3.2.5",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled."
},
{
"lang": "es",
"value": "La contrase\u00f1a de Tivoli Storage Manager (TSM) puede ser mostrada en texto plano a trav\u00e9s de la salida de rastreo de la aplicaci\u00f3n mientras el rastreo de aplicaciones est\u00e1 habilitado."
}
],
"id": "CVE-2016-0371",
"lastModified": "2024-11-21T02:41:34.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T21:59:00.100",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94148"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-22 02:59
Modified
2024-11-21 02:13
Severity ?
Summary
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | * | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| opengroup | unix | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8246A47-DBFD-469D-AFB7-ED8996D69DAD",
"versionEndIncluding": "5.4.3.6",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80D9E829-5AFC-42C8-BEED-421712AA4B4A",
"versionEndIncluding": "5.5.4.3",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22CAECAB-4AD2-4F34-B545-52A7CFF9D09E",
"versionEndIncluding": "6.1.5.6",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10192752-8FEA-4665-87FF-A4ABB8C6518E",
"versionEndIncluding": "6.2.5.3",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F420BFB9-5265-4B94-A0BD-8C203181F3C8",
"versionEndIncluding": "6.3.2.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en dsmtca en el cliente en IBM Tivoli Storage Manager (TSM) 5.4 hasta 5.4.3.6, 5.5 hasta 5.5.4.3, 6.1 hasta 6.1.5.6, 6.2 anterior a 6.2.5.4, y 6.3 anterior a 6.3.2.3 en UNIX, Linux, y OS X permite a usuarios locales ganar privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6184",
"lastModified": "2024-11-21T02:13:55.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-22T02:59:00.060",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695878"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 02:55
Severity ?
Summary
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21993695 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/94808 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21993695 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94808 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | 7.1.0.0 | |
| ibm | aix | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | 6.4.0.0 | |
| ibm | aix | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | tivoli_storage_manager | 6.3.0.0 | |
| ibm | aix | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | aix | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | aix | * | |
| ibm | tivoli_storage_manager | * | |
| ibm | aix | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6CC6C2-5DBC-46B7-8BAF-069F00D40DDB",
"versionEndIncluding": "7.1.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5999622E-68F7-4273-BAB7-0B07DCB78163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E8303D-DF35-4C4B-8978-A0AE6ED80732",
"versionEndIncluding": "6.4.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAADE980-DC7D-4A3A-A0C4-B03EF08B3CBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA0336C-3E53-45B4-9A9E-E3F199A8745D",
"versionEndIncluding": "6.3.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "705A5381-AEA6-4FA2-B0EC-AD5F9E4FC985",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF61D5E-087C-402B-9AFD-5E96C43F5975",
"versionEndIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69F1A359-DE1D-4C50-8729-0138676A0FF7",
"versionEndIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC62665E-5CE9-408F-BB37-CBB8F03F6559",
"versionEndIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash."
},
{
"lang": "es",
"value": "El cliente IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX es vulnerable a un desbordamiento de b\u00fafer cuando Journal-Based Backup est\u00e1 habilitado. Un atacante local podr\u00eda desboradr un b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema o provocar una ca\u00edda del sistema."
}
],
"id": "CVE-2016-5985",
"lastModified": "2024-11-21T02:55:18.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:01.503",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993695"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94808"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-05 17:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006215 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126875 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006215 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126875 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*",
"matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*",
"matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*",
"matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*",
"matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*",
"matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AE11FE-5D3C-4103-B756-254BBB744C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C818A4D8-7F9C-417C-BA94-14F5A8692C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
},
{
"lang": "es",
"value": "IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) revela las credenciales sin cifrar de inicio de sesi\u00f3n de Vmware vCenter en la salida de la traza de la aplicaci\u00f3n, las cuales las puede obtener un usuario local. IBM X-Force ID: 126875."
}
],
"id": "CVE-2017-1378",
"lastModified": "2024-11-21T03:21:48.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T17:29:00.373",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:25
Severity ?
Summary
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5842195D-451A-4BDF-8B5C-9E5C906EC738",
"versionEndIncluding": "5.4.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E4A983-9053-405D-BA3D-BAE8B47A1EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1B6BE3-9554-41DF-A994-82CEAF88BA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD381D-FEA0-476C-9389-D777D2E344E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E07B8-DB3C-4A99-801C-84C3814BAA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5A665E28-2D3D-40DE-AF28-D549F3A37A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31370480-2B9D-44D4-A448-4B441CF59194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0973283F-AD45-4927-88E2-559069C1B0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A263333E-DB86-41BE-A508-731079429E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F0611-DD8F-42A2-AFD7-1BCBD38BAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25121FC4-9EE2-44AE-BEB3-02C3AB38DB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70016926-5776-4A04-8D55-5CA12D1DA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74B38E6A-86AA-4C35-AF3F-7F77DF647235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A29AC-0890-495D-8DF7-2530CEAF6C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43BE5332-C982-440A-A7AA-03B83415B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "74E095D6-D6C9-4E21-9CBA-508D043C4286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD434E9-6D0E-4FDB-A39A-D9FAC7E825C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22F74B9A-D31E-43E3-8A29-BFD09A9442F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40A8E0C4-8509-4372-99C7-CFBA2100AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBC191E-0CE6-4D9C-A75B-E3484AC3B4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE93F92-4A7E-436C-8120-3BECC9C7215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67741515-E42C-41CA-8D11-AFFB0D23B7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ADAA69-B258-4666-9AB7-7965429EA497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4722BA-186A-4999-965E-ED5FA72D4BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FF105A-6B8E-4849-875F-FD87EC9291E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC4EA95B-C812-4A27-8FB2-46F644463BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funcionalidad de\r\nsecuencia de datos alternativa (ADS o Alternate Data Stream)en el cliente del archivo de copia de seguridad en IBM Tivoli Storage Manager (TSM), antes de v5.4.3.4, en v5.5.x antes de v5.5.3, en 6.x antes de v6.1.4, y en v6.2.x antes de v6.2.2 en Windows permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-1223",
"lastModified": "2024-11-21T01:25:50.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-17T20:55:01.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45098"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025741"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77052"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48519"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-23 19:55
Modified
2024-11-21 01:57
Severity ?
Summary
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | tivoli_storage_manager | 6.3.1 | |
| ibm | tivoli_storage_manager | 6.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E9FBE6-B342-43BD-BB32-650A87AB8EBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."
},
{
"lang": "es",
"value": "El cliente en Tivoli Storage Manager (TSM) de IBM versiones 6.3.1 y 6.4.0 en Windows, no conserva los permisos del Sistema de Archivos Resistente (ReFS) en las operaciones de copia de seguridad y restauraci\u00f3n, lo que permite a los usuarios locales omitir las restricciones de acceso previstas por medio de las operaciones est\u00e1ndar del sistema de archivos."
}
],
"id": "CVE-2013-5371",
"lastModified": "2024-11-21T01:57:22.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-23T19:55:03.610",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662608"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2011-1222
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-09-16 22:36
Severity ?
EPSS score ?
Summary
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg1IC77049 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/48519 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21457604 | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1025741 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/45098 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IC77049",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77049"
},
{
"name": "48519",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"name": "1025741",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025741"
},
{
"name": "45098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-17T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "IC77049",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77049"
},
{
"name": "48519",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"name": "1025741",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025741"
},
{
"name": "45098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC77049",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77049"
},
{
"name": "48519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48519"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21457604",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"name": "1025741",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025741"
},
{
"name": "45098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1222",
"datePublished": "2011-07-17T20:00:00Z",
"dateReserved": "2011-03-03T00:00:00Z",
"dateUpdated": "2024-09-16T22:36:06.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6110
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21996198 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95306 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager |
Version: 5.3.5.3 Version: 5.4.1.2 Version: 4.2 Version: 4.2.1 Version: 5.1.8 Version: 5.2.5.1 Version: 5.2.7 Version: 5.2.8 Version: 5.2.9 Version: 5.3.0 Version: 5.3.1 Version: 5.3.2 Version: 5.3.3 Version: 5.4.4.0 Version: 5.4.2.4 Version: 5.4.2.3 Version: 5.4.2.2 Version: 5.3.6.9 Version: 5.3.6.2 Version: 5.3.6.1 Version: 5.3.4 Version: 5.2.5.3 Version: 5.2.5.2 Version: 5.2.4 Version: 5.3.5.1 Version: 5.3.2.4 Version: 6.0 Version: 5.1.0 Version: 5.1.1 Version: 5.1.10 Version: 5.1.5 Version: 5.1.6 Version: 5.1.7 Version: 5.1.9 Version: 5.2.0 Version: 5.2.1 Version: 4.2.2 Version: 4.2.3 Version: 4.2.4 Version: 5.2.2 Version: 5.3 Version: 5.2 Client Version: 5.4 Client Version: 5.5.7 Version: 5.2.3.4 Client Version: 5.5.1.0 Version: 5.5.1.6 Version: 5.4 Version: 5.5 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:19.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
},
{
"name": "95306",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "5.3.5.3"
},
{
"status": "affected",
"version": "5.4.1.2"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "5.1.8"
},
{
"status": "affected",
"version": "5.2.5.1"
},
{
"status": "affected",
"version": "5.2.7"
},
{
"status": "affected",
"version": "5.2.8"
},
{
"status": "affected",
"version": "5.2.9"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
},
{
"status": "affected",
"version": "5.3.3"
},
{
"status": "affected",
"version": "5.4.4.0"
},
{
"status": "affected",
"version": "5.4.2.4"
},
{
"status": "affected",
"version": "5.4.2.3"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.3.6.9"
},
{
"status": "affected",
"version": "5.3.6.2"
},
{
"status": "affected",
"version": "5.3.6.1"
},
{
"status": "affected",
"version": "5.3.4"
},
{
"status": "affected",
"version": "5.2.5.3"
},
{
"status": "affected",
"version": "5.2.5.2"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.3.5.1"
},
{
"status": "affected",
"version": "5.3.2.4"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.10"
},
{
"status": "affected",
"version": "5.1.5"
},
{
"status": "affected",
"version": "5.1.6"
},
{
"status": "affected",
"version": "5.1.7"
},
{
"status": "affected",
"version": "5.1.9"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.2 Client"
},
{
"status": "affected",
"version": "5.4 Client"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.2.3.4 Client"
},
{
"status": "affected",
"version": "5.5.1.0"
},
{
"status": "affected",
"version": "5.5.1.6"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2017-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-24T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
},
{
"name": "95306",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager",
"version": {
"version_data": [
{
"version_value": "5.3.5.3"
},
{
"version_value": "5.4.1.2"
},
{
"version_value": "4.2"
},
{
"version_value": "4.2.1"
},
{
"version_value": "5.1.8"
},
{
"version_value": "5.2.5.1"
},
{
"version_value": "5.2.7"
},
{
"version_value": "5.2.8"
},
{
"version_value": "5.2.9"
},
{
"version_value": "5.3.0"
},
{
"version_value": "5.3.1"
},
{
"version_value": "5.3.2"
},
{
"version_value": "5.3.3"
},
{
"version_value": "5.4.4.0"
},
{
"version_value": "5.4.2.4"
},
{
"version_value": "5.4.2.3"
},
{
"version_value": "5.4.2.2"
},
{
"version_value": "5.3.6.9"
},
{
"version_value": "5.3.6.2"
},
{
"version_value": "5.3.6.1"
},
{
"version_value": "5.3.4"
},
{
"version_value": "5.2.5.3"
},
{
"version_value": "5.2.5.2"
},
{
"version_value": "5.2.4"
},
{
"version_value": "5.3.5.1"
},
{
"version_value": "5.3.2.4"
},
{
"version_value": "6.0"
},
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.1"
},
{
"version_value": "5.1.10"
},
{
"version_value": "5.1.5"
},
{
"version_value": "5.1.6"
},
{
"version_value": "5.1.7"
},
{
"version_value": "5.1.9"
},
{
"version_value": "5.2.0"
},
{
"version_value": "5.2.1"
},
{
"version_value": "4.2.2"
},
{
"version_value": "4.2.3"
},
{
"version_value": "4.2.4"
},
{
"version_value": "5.2.2"
},
{
"version_value": "5.3"
},
{
"version_value": "5.2 Client"
},
{
"version_value": "5.4 Client"
},
{
"version_value": "5.5.7"
},
{
"version_value": "5.2.3.4 Client"
},
{
"version_value": "5.5.1.0"
},
{
"version_value": "5.5.1.6"
},
{
"version_value": "5.4"
},
{
"version_value": "5.5"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
},
{
"version_value": "6.4"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996198",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996198"
},
{
"name": "95306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6110",
"datePublished": "2017-02-01T22:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:19.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4818
Vulnerability from cvelistv5
Published
2015-02-24 20:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21697022 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1031795 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/72771 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697022"
},
{
"name": "1031795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031795"
},
{
"name": "72771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72771"
},
{
"name": "IT06016",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-27T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697022"
},
{
"name": "1031795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031795"
},
{
"name": "72771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72771"
},
{
"name": "IT06016",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697022",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697022"
},
{
"name": "1031795",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031795"
},
{
"name": "72771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72771"
},
{
"name": "IT06016",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4818",
"datePublished": "2015-02-24T20:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3853
Vulnerability from cvelistv5
Published
2009-11-04 15:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1023136 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2009/3132 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/archive/1/507654/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21405562 | x_refsource_CONFIRM | |
| http://secunia.com/secunia_research/2008-51/ | x_refsource_MISC | |
| http://secunia.com/advisories/32534 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:49.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023136"
},
{
"name": "ADV-2009-3132",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"name": "IC61036",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"
},
{
"name": "20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-51/"
},
{
"name": "32534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023136"
},
{
"name": "ADV-2009-3132",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"name": "IC61036",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"
},
{
"name": "20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-51/"
},
{
"name": "32534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023136",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023136"
},
{
"name": "ADV-2009-3132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"name": "IC61036",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61036"
},
{
"name": "20091104 Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507654/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"name": "http://secunia.com/secunia_research/2008-51/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-51/"
},
{
"name": "32534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3853",
"datePublished": "2009-11-04T15:00:00",
"dateReserved": "2009-11-04T00:00:00",
"dateUpdated": "2024-08-07T06:45:49.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4817
Vulnerability from cvelistv5
Published
2014-11-18 23:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95444 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21686874 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tsm-cve20144817-file-overwrite(95444)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686874"
},
{
"name": "IT04884",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tsm-cve20144817-file-overwrite(95444)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686874"
},
{
"name": "IT04884",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsm-cve20144817-file-overwrite(95444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95444"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686874",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686874"
},
{
"name": "IT04884",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4817",
"datePublished": "2014-11-18T23:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0471
Vulnerability from cvelistv5
Published
2013-02-21 02:00
Modified
2024-08-06 14:25
Severity ?
EPSS score ?
Summary
The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21624135 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81215 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC87331 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624135"
},
{
"name": "tsm-scheduler-dos(81215)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81215"
},
{
"name": "IC87331",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624135"
},
{
"name": "tsm-scheduler-dos(81215)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81215"
},
{
"name": "IC87331",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21624135",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624135"
},
{
"name": "tsm-scheduler-dos(81215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81215"
},
{
"name": "IC87331",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0471",
"datePublished": "2013-02-21T02:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:25:10.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6335
Vulnerability from cvelistv5
Published
2014-08-26 10:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21680453 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/60482 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89054 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:00.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"
},
{
"name": "IC96095",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"
},
{
"name": "60482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60482"
},
{
"name": "ibm-tsm-cve20136335-info-disc(89054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"
},
{
"name": "IC96095",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"
},
{
"name": "60482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60482"
},
{
"name": "ibm-tsm-cve20136335-info-disc(89054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"
},
{
"name": "IC96095",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"
},
{
"name": "60482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60482"
},
{
"name": "ibm-tsm-cve20136335-info-disc(89054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6335",
"datePublished": "2014-08-26T10:00:00",
"dateReserved": "2013-10-31T00:00:00",
"dateUpdated": "2024-08-06T17:39:00.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2894
Vulnerability from cvelistv5
Published
2016-07-03 21:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21985579 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/91534 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036220 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985579"
},
{
"name": "IT13686",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686"
},
{
"name": "91534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91534"
},
{
"name": "1036220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985579"
},
{
"name": "IT13686",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686"
},
{
"name": "91534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91534"
},
{
"name": "1036220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036220"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985579",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985579"
},
{
"name": "IT13686",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686"
},
{
"name": "91534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91534"
},
{
"name": "1036220",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036220"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2894",
"datePublished": "2016-07-03T21:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1378
Vulnerability from cvelistv5
Published
2017-10-05 17:00
Modified
2024-09-17 01:46
Severity ?
EPSS score ?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/126875 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22006215 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Spectrum Protect for Virtual Environments |
Version: 7.1 Version: 8.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect for Virtual Environments",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect for Virtual Environments",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006215",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1378",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:46:09.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6043
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21995754 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95090 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager Extended Edition |
Version: 6.4 Version: 7.1 Version: 7.1.1 Version: 6.1 Version: 6.2 Version: 6.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:18.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name": "95090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager Extended Edition",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name": "95090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager Extended Edition",
"version": {
"version_data": [
{
"version_value": "6.4"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.1"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name": "95090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6043",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:18.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0472
Vulnerability from cvelistv5
Published
2013-02-21 02:00
Modified
2024-08-06 14:25
Severity ?
EPSS score ?
Summary
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC87210 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21624118 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81216 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IC87210",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87210"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624118"
},
{
"name": "tsm-gui-unauth-access(81216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IC87210",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87210"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624118"
},
{
"name": "tsm-gui-unauth-access(81216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC87210",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87210"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21624118",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624118"
},
{
"name": "tsm-gui-unauth-access(81216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0472",
"datePublished": "2013-02-21T02:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:25:10.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5371
Vulnerability from cvelistv5
Published
2014-01-23 19:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86661 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.ibm.com/support/docview.wss?uid=swg21662608 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tsm-cve20135371-refs-perm(86661)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661"
},
{
"name": "IC92933",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tsm-cve20135371-refs-perm(86661)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661"
},
{
"name": "IC92933",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsm-cve20135371-refs-perm(86661)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661"
},
{
"name": "IC92933",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21662608",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21662608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5371",
"datePublished": "2014-01-23T19:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5985
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21993695 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94808 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager |
Version: 5.3.5.3 Version: 5.4.1.2 Version: 4.2 Version: 4.2.1 Version: 5.1.8 Version: 5.2.5.1 Version: 5.2.7 Version: 5.2.8 Version: 5.2.9 Version: 5.3.0 Version: 5.3.1 Version: 5.3.2 Version: 5.3.3 Version: 5.4.4.0 Version: 5.4.2.4 Version: 5.4.2.3 Version: 5.4.2.2 Version: 5.3.6.9 Version: 5.3.6.2 Version: 5.3.6.1 Version: 5.3.4 Version: 5.2.5.3 Version: 5.2.5.2 Version: 5.2.4 Version: 5.3.5.1 Version: 5.3.2.4 Version: 6.0 Version: 5.1.0 Version: 5.1.1 Version: 5.1.10 Version: 5.1.5 Version: 5.1.6 Version: 5.1.7 Version: 5.1.9 Version: 5.2.0 Version: 5.2.1 Version: 4.2.2 Version: 4.2.3 Version: 4.2.4 Version: 5.2.2 Version: 5.3 Version: 5.2 Client Version: 5.4 Client Version: 5.5.7 Version: 5.2.3.4 Client Version: 5.5.1.0 Version: 5.5.1.6 Version: 5.4 Version: 5.5 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993695"
},
{
"name": "94808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94808"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "5.3.5.3"
},
{
"status": "affected",
"version": "5.4.1.2"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "5.1.8"
},
{
"status": "affected",
"version": "5.2.5.1"
},
{
"status": "affected",
"version": "5.2.7"
},
{
"status": "affected",
"version": "5.2.8"
},
{
"status": "affected",
"version": "5.2.9"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
},
{
"status": "affected",
"version": "5.3.3"
},
{
"status": "affected",
"version": "5.4.4.0"
},
{
"status": "affected",
"version": "5.4.2.4"
},
{
"status": "affected",
"version": "5.4.2.3"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.3.6.9"
},
{
"status": "affected",
"version": "5.3.6.2"
},
{
"status": "affected",
"version": "5.3.6.1"
},
{
"status": "affected",
"version": "5.3.4"
},
{
"status": "affected",
"version": "5.2.5.3"
},
{
"status": "affected",
"version": "5.2.5.2"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.3.5.1"
},
{
"status": "affected",
"version": "5.3.2.4"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.10"
},
{
"status": "affected",
"version": "5.1.5"
},
{
"status": "affected",
"version": "5.1.6"
},
{
"status": "affected",
"version": "5.1.7"
},
{
"status": "affected",
"version": "5.1.9"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.2 Client"
},
{
"status": "affected",
"version": "5.4 Client"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.2.3.4 Client"
},
{
"status": "affected",
"version": "5.5.1.0"
},
{
"status": "affected",
"version": "5.5.1.6"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993695"
},
{
"name": "94808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94808"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager",
"version": {
"version_data": [
{
"version_value": "5.3.5.3"
},
{
"version_value": "5.4.1.2"
},
{
"version_value": "4.2"
},
{
"version_value": "4.2.1"
},
{
"version_value": "5.1.8"
},
{
"version_value": "5.2.5.1"
},
{
"version_value": "5.2.7"
},
{
"version_value": "5.2.8"
},
{
"version_value": "5.2.9"
},
{
"version_value": "5.3.0"
},
{
"version_value": "5.3.1"
},
{
"version_value": "5.3.2"
},
{
"version_value": "5.3.3"
},
{
"version_value": "5.4.4.0"
},
{
"version_value": "5.4.2.4"
},
{
"version_value": "5.4.2.3"
},
{
"version_value": "5.4.2.2"
},
{
"version_value": "5.3.6.9"
},
{
"version_value": "5.3.6.2"
},
{
"version_value": "5.3.6.1"
},
{
"version_value": "5.3.4"
},
{
"version_value": "5.2.5.3"
},
{
"version_value": "5.2.5.2"
},
{
"version_value": "5.2.4"
},
{
"version_value": "5.3.5.1"
},
{
"version_value": "5.3.2.4"
},
{
"version_value": "6.0"
},
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.1"
},
{
"version_value": "5.1.10"
},
{
"version_value": "5.1.5"
},
{
"version_value": "5.1.6"
},
{
"version_value": "5.1.7"
},
{
"version_value": "5.1.9"
},
{
"version_value": "5.2.0"
},
{
"version_value": "5.2.1"
},
{
"version_value": "4.2.2"
},
{
"version_value": "4.2.3"
},
{
"version_value": "4.2.4"
},
{
"version_value": "5.2.2"
},
{
"version_value": "5.3"
},
{
"version_value": "5.2 Client"
},
{
"version_value": "5.4 Client"
},
{
"version_value": "5.5.7"
},
{
"version_value": "5.2.3.4 Client"
},
{
"version_value": "5.5.1.0"
},
{
"version_value": "5.5.1.6"
},
{
"version_value": "5.4"
},
{
"version_value": "5.5"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
},
{
"version_value": "6.4"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21993695",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993695"
},
{
"name": "94808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94808"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5985",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8916
Vulnerability from cvelistv5
Published
2017-05-05 19:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21998166 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98335 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-09T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998166",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998166"
},
{
"name": "98335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8916",
"datePublished": "2017-05-05T19:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0371
Vulnerability from cvelistv5
Published
2017-02-01 21:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94148 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21985114 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager |
Version: 5.3.5.3 Version: 5.4.1.2 Version: 4.2 Version: 4.2.1 Version: 5.1.8 Version: 5.2.5.1 Version: 5.2.7 Version: 5.2.8 Version: 5.2.9 Version: 5.3.0 Version: 5.3.1 Version: 5.3.2 Version: 5.3.3 Version: 5.4.4.0 Version: 5.4.2.4 Version: 5.4.2.3 Version: 5.4.2.2 Version: 5.3.6.9 Version: 5.3.6.2 Version: 5.3.6.1 Version: 5.3.4 Version: 5.2.5.3 Version: 5.2.5.2 Version: 5.2.4 Version: 5.3.5.1 Version: 5.3.2.4 Version: 6.0 Version: 5.1.0 Version: 5.1.1 Version: 5.1.10 Version: 5.1.5 Version: 5.1.6 Version: 5.1.7 Version: 5.1.9 Version: 5.2.0 Version: 5.2.1 Version: 4.2.2 Version: 4.2.3 Version: 4.2.4 Version: 5.2.2 Version: 5.3 Version: 5.2 Client Version: 5.4 Client Version: 5.5.7 Version: 5.2.3.4 Client Version: 5.5.1.0 Version: 5.5.1.6 Version: 5.4 Version: 5.5 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:24.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94148"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "5.3.5.3"
},
{
"status": "affected",
"version": "5.4.1.2"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "5.1.8"
},
{
"status": "affected",
"version": "5.2.5.1"
},
{
"status": "affected",
"version": "5.2.7"
},
{
"status": "affected",
"version": "5.2.8"
},
{
"status": "affected",
"version": "5.2.9"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
},
{
"status": "affected",
"version": "5.3.3"
},
{
"status": "affected",
"version": "5.4.4.0"
},
{
"status": "affected",
"version": "5.4.2.4"
},
{
"status": "affected",
"version": "5.4.2.3"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.3.6.9"
},
{
"status": "affected",
"version": "5.3.6.2"
},
{
"status": "affected",
"version": "5.3.6.1"
},
{
"status": "affected",
"version": "5.3.4"
},
{
"status": "affected",
"version": "5.2.5.3"
},
{
"status": "affected",
"version": "5.2.5.2"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.3.5.1"
},
{
"status": "affected",
"version": "5.3.2.4"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.10"
},
{
"status": "affected",
"version": "5.1.5"
},
{
"status": "affected",
"version": "5.1.6"
},
{
"status": "affected",
"version": "5.1.7"
},
{
"status": "affected",
"version": "5.1.9"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.2 Client"
},
{
"status": "affected",
"version": "5.4 Client"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.2.3.4 Client"
},
{
"status": "affected",
"version": "5.5.1.0"
},
{
"status": "affected",
"version": "5.5.1.6"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94148"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager",
"version": {
"version_data": [
{
"version_value": "5.3.5.3"
},
{
"version_value": "5.4.1.2"
},
{
"version_value": "4.2"
},
{
"version_value": "4.2.1"
},
{
"version_value": "5.1.8"
},
{
"version_value": "5.2.5.1"
},
{
"version_value": "5.2.7"
},
{
"version_value": "5.2.8"
},
{
"version_value": "5.2.9"
},
{
"version_value": "5.3.0"
},
{
"version_value": "5.3.1"
},
{
"version_value": "5.3.2"
},
{
"version_value": "5.3.3"
},
{
"version_value": "5.4.4.0"
},
{
"version_value": "5.4.2.4"
},
{
"version_value": "5.4.2.3"
},
{
"version_value": "5.4.2.2"
},
{
"version_value": "5.3.6.9"
},
{
"version_value": "5.3.6.2"
},
{
"version_value": "5.3.6.1"
},
{
"version_value": "5.3.4"
},
{
"version_value": "5.2.5.3"
},
{
"version_value": "5.2.5.2"
},
{
"version_value": "5.2.4"
},
{
"version_value": "5.3.5.1"
},
{
"version_value": "5.3.2.4"
},
{
"version_value": "6.0"
},
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.1"
},
{
"version_value": "5.1.10"
},
{
"version_value": "5.1.5"
},
{
"version_value": "5.1.6"
},
{
"version_value": "5.1.7"
},
{
"version_value": "5.1.9"
},
{
"version_value": "5.2.0"
},
{
"version_value": "5.2.1"
},
{
"version_value": "4.2.2"
},
{
"version_value": "4.2.3"
},
{
"version_value": "4.2.4"
},
{
"version_value": "5.2.2"
},
{
"version_value": "5.3"
},
{
"version_value": "5.2 Client"
},
{
"version_value": "5.4 Client"
},
{
"version_value": "5.5.7"
},
{
"version_value": "5.2.3.4 Client"
},
{
"version_value": "5.5.1.0"
},
{
"version_value": "5.5.1.6"
},
{
"version_value": "5.4"
},
{
"version_value": "5.5"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
},
{
"version_value": "6.4"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94148"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0371",
"datePublished": "2017-02-01T21:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:24.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8939
Vulnerability from cvelistv5
Published
2017-06-07 17:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
References
| ▼ | URL | Tags |
|---|---|---|
| https://improsec.com/blog/vulnerability-in-tsm | x_refsource_MISC | |
| http://www.securitytracker.com/id/1038607 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98783 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22003738 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/118790 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Spectrum Protect |
Version: 7.1 Version: 8.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-15T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://improsec.com/blog/vulnerability-in-tsm",
"refsource": "MISC",
"url": "https://improsec.com/blog/vulnerability-in-tsm"
},
{
"name": "1038607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038607"
},
{
"name": "98783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98783"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003738",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003738"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118790"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8939",
"datePublished": "2017-06-07T17:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6045
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21995754 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95087 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager Extended Edition |
Version: 6.4 Version: 7.1 Version: 7.1.1 Version: 6.1 Version: 6.2 Version: 6.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name": "95087",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager Extended Edition",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name": "95087",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager Extended Edition",
"version": {
"version_data": [
{
"version_value": "6.4"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.1"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name": "95087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6045",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2762
Vulnerability from cvelistv5
Published
2009-03-31 18:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/0881 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21375360 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/34285 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IC39395 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21246076 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34498 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1021946 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49535 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "34285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34285"
},
{
"name": "IC39395",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC39395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"name": "34498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34498"
},
{
"name": "1021946",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021946"
},
{
"name": "tsm-http-dos(49535)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "34285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34285"
},
{
"name": "IC39395",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC39395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"name": "34498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34498"
},
{
"name": "1021946",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021946"
},
{
"name": "tsm-http-dos(49535)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "34285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"name": "IC39395",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC39395"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"name": "34498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34498"
},
{
"name": "1021946",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021946"
},
{
"name": "tsm-http-dos(49535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2762",
"datePublished": "2009-03-31T18:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1361
Vulnerability from cvelistv5
Published
2007-10-17 01:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seer.support.veritas.com/docs/252933.htm | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11418 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/6928 | vdb-entry, x_refsource_BID | |
| http://seer.support.veritas.com/docs/254442.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:02.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.support.veritas.com/docs/252933.htm"
},
{
"name": "20030225 VERITAS Software Technical Advisory (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html"
},
{
"name": "veritas-bmr-root-access(11418)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11418"
},
{
"name": "6928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.support.veritas.com/docs/254442.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.support.veritas.com/docs/252933.htm"
},
{
"name": "20030225 VERITAS Software Technical Advisory (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html"
},
{
"name": "veritas-bmr-root-access(11418)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11418"
},
{
"name": "6928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.support.veritas.com/docs/254442.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seer.support.veritas.com/docs/252933.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/252933.htm"
},
{
"name": "20030225 VERITAS Software Technical Advisory (fwd)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html"
},
{
"name": "veritas-bmr-root-access(11418)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11418"
},
{
"name": "6928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6928"
},
{
"name": "http://seer.support.veritas.com/docs/254442.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/254442.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1361",
"datePublished": "2007-10-17T01:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-08T02:28:02.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2964
Vulnerability from cvelistv5
Published
2013-10-04 10:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC96517 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21651120 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83760 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IC96517",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96517"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651120"
},
{
"name": "tsm-cve20132964-bo(83760)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IC96517",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96517"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651120"
},
{
"name": "tsm-cve20132964-bo(83760)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83760"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC96517",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96517"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651120",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651120"
},
{
"name": "tsm-cve20132964-bo(83760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83760"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-2964",
"datePublished": "2013-10-04T10:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4563
Vulnerability from cvelistv5
Published
2009-03-11 14:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/34077 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1021837 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21377388 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/0669 | vdb-entry, x_refsource_VUPEN | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775 | third-party-advisory, x_refsource_IDEFENSE | |
| http://secunia.com/advisories/34245 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/52617 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49188 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:19.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34077"
},
{
"name": "1021837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
},
{
"name": "ADV-2009-0669",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0669"
},
{
"name": "20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
},
{
"name": "34245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34245"
},
{
"name": "52617",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52617"
},
{
"name": "tivoli-tsm-adsmdll-bo(49188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
},
{
"name": "20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34077"
},
{
"name": "1021837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
},
{
"name": "ADV-2009-0669",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0669"
},
{
"name": "20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
},
{
"name": "34245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34245"
},
{
"name": "52617",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52617"
},
{
"name": "tivoli-tsm-adsmdll-bo(49188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
},
{
"name": "20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34077"
},
{
"name": "1021837",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021837"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21377388"
},
{
"name": "ADV-2009-0669",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0669"
},
{
"name": "20090310 IBM Tivoli Storage Manager Express Heap Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775"
},
{
"name": "34245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34245"
},
{
"name": "52617",
"refsource": "OSVDB",
"url": "http://osvdb.org/52617"
},
{
"name": "tivoli-tsm-adsmdll-bo(49188)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49188"
},
{
"name": "20090310 Assurent VR - IBM Tivoli Storage Manager Express Backup Server Heap Corruption",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0192.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4563",
"datePublished": "2009-03-11T14:00:00",
"dateReserved": "2008-10-14T00:00:00",
"dateUpdated": "2024-08-07T10:24:19.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3854
Vulnerability from cvelistv5
Published
2009-11-04 15:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC61058 | vendor-advisory, x_refsource_AIXAPAR | |
| http://securitytracker.com/id?1023136 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2009/3132 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21405562 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/32534 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:49.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IC61058",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61058"
},
{
"name": "1023136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023136"
},
{
"name": "ADV-2009-3132",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"name": "32534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "IC61058",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61058"
},
{
"name": "1023136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023136"
},
{
"name": "ADV-2009-3132",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"name": "32534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC61058",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61058"
},
{
"name": "1023136",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023136"
},
{
"name": "ADV-2009-3132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"name": "32534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3854",
"datePublished": "2009-11-04T15:00:00",
"dateReserved": "2009-11-04T00:00:00",
"dateUpdated": "2024-08-07T06:45:49.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8998
Vulnerability from cvelistv5
Published
2017-02-24 18:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96443 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21998747 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager |
Version: 7.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96443"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2017-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-01T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96443"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager",
"version": {
"version_data": [
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96443"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998747",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8998",
"datePublished": "2017-02-24T18:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1570
Vulnerability from cvelistv5
Published
2009-03-31 18:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49536 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/0881 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21375360 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/34285 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1021947 | vdb-entry, x_refsource_SECTRACK | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/34498 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "tsm-consolemode-info-disclosure(49536)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49536"
},
{
"name": "ADV-2009-0881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "34285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34285"
},
{
"name": "1021947",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021947"
},
{
"name": "IC37554",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554"
},
{
"name": "34498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to \"session exposure.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "tsm-consolemode-info-disclosure(49536)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49536"
},
{
"name": "ADV-2009-0881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "34285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34285"
},
{
"name": "1021947",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021947"
},
{
"name": "IC37554",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554"
},
{
"name": "34498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to \"session exposure.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tsm-consolemode-info-disclosure(49536)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49536"
},
{
"name": "ADV-2009-0881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "34285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"name": "1021947",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021947"
},
{
"name": "IC37554",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554"
},
{
"name": "34498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1570",
"datePublished": "2009-03-31T18:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1301
Vulnerability from cvelistv5
Published
2017-10-05 17:00
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22006248 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101107 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Spectrum Protect |
Version: 7.1 Version: 8.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006248",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"
},
{
"name": "101107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101107"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1301",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:56:53.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6195
Vulnerability from cvelistv5
Published
2015-02-14 02:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98607 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21695183 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT04249 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tsm-cve20146195-sec-bypass(98607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695183"
},
{
"name": "IT04249",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tsm-cve20146195-sec-bypass(98607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695183"
},
{
"name": "IT04249",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsm-cve20146195-sec-bypass(98607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98607"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695183",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695183"
},
{
"name": "IT04249",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6195",
"datePublished": "2015-02-14T02:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6185
Vulnerability from cvelistv5
Published
2015-02-13 02:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98521 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21695715 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tsm-cve20146185-dso(98521)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715"
},
{
"name": "IT05713",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tsm-cve20146185-dso(98521)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715"
},
{
"name": "IT05713",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsm-cve20146185-dso(98521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98521"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695715"
},
{
"name": "IT05713",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6185",
"datePublished": "2015-02-13T02:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1339
Vulnerability from cvelistv5
Published
2017-10-05 17:00
Modified
2024-09-16 17:34
Severity ?
EPSS score ?
Summary
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101113 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22007936 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039498 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Spectrum Protect |
Version: 7.1 Version: 8.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039498"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101113"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007936",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007936"
},
{
"name": "1039498",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039498"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1339",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T17:34:11.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6046
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95093 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21995754 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager Extended Edition |
Version: 6.4 Version: 7.1 Version: 7.1.1 Version: 6.1 Version: 6.2 Version: 6.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:19.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95093"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager Extended Edition",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "95093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95093"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager Extended Edition",
"version": {
"version_data": [
{
"version_value": "6.4"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.1"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95093"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6046",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:19.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-28198
Vulnerability from cvelistv5
Published
2021-05-06 19:25
Modified
2024-08-04 16:33
Severity ?
EPSS score ?
Summary
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-28198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:28:19.255372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:28:28.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:57.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-06T19:25:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** The \u0027id\u0027 parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in \"interactive\" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py",
"refsource": "MISC",
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py"
},
{
"name": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager",
"refsource": "MISC",
"url": "https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28198",
"datePublished": "2021-05-06T19:25:28",
"dateReserved": "2020-11-04T00:00:00",
"dateUpdated": "2024-08-04T16:33:57.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3855
Vulnerability from cvelistv5
Published
2009-11-04 15:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/3132 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC54489 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21405562 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/32534 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:49.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-3132",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"name": "IC54489",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC54489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"name": "32534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-3132",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"name": "IC54489",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC54489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"name": "32534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3132"
},
{
"name": "IC54489",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC54489"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21405562"
},
{
"name": "32534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3855",
"datePublished": "2009-11-04T15:00:00",
"dateReserved": "2009-11-04T00:00:00",
"dateUpdated": "2024-08-07T06:45:49.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4927
Vulnerability from cvelistv5
Published
2015-11-04 02:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21969340 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034044 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969340"
},
{
"name": "1034044",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969340"
},
{
"name": "1034044",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969340",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969340"
},
{
"name": "1034044",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4927",
"datePublished": "2015-11-04T02:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4951
Vulnerability from cvelistv5
Published
2016-01-20 02:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034692 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21973484 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034692",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034692"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1034692",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034692"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034692",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034692"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973484",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4951",
"datePublished": "2016-01-20T02:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4606
Vulnerability from cvelistv5
Published
2010-12-29 17:27
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1024901 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2010/3251 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/42639 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC69150 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.ibm.com/support/docview.wss?uid=swg21454745 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "ADV-2010-3251",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "42639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42639"
},
{
"name": "IC69150",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69150"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a \"script execution vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-29T17:27:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1024901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "ADV-2010-3251",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "42639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42639"
},
{
"name": "IC69150",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69150"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a \"script execution vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024901",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "ADV-2010-3251",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "42639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42639"
},
{
"name": "IC69150",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69150"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21454745",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4606",
"datePublished": "2010-12-29T17:27:00Z",
"dateReserved": "2010-12-29T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:19.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7408
Vulnerability from cvelistv5
Published
2016-02-15 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21975957 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IT13609",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-15T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IT13609",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT13609",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7408",
"datePublished": "2016-02-15T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1550
Vulnerability from cvelistv5
Published
2018-09-26 15:00
Modified
2024-09-16 22:50
Severity ?
EPSS score ?
Summary
IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/142696 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10719401 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Spectrum Protect |
Version: 7.1 Version: 8.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:43.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2018-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:H/AC:L/AV:L/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-24T00:00:00",
"ID": "CVE-2018-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10719401",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1550",
"datePublished": "2018-09-26T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T22:50:57.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4813
Vulnerability from cvelistv5
Published
2015-02-13 02:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95389 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21695652 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT04140 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tsm-cve20144813-race(95389)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695652"
},
{
"name": "IT04140",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tsm-cve20144813-race(95389)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695652"
},
{
"name": "IT04140",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsm-cve20144813-race(95389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95389"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695652",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695652"
},
{
"name": "IT04140",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4813",
"datePublished": "2015-02-13T02:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6309
Vulnerability from cvelistv5
Published
2006-12-06 20:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tippingpoint.com/security/advisories/TSRT-06-14.html | x_refsource_MISC | |
| http://securityreason.com/securityalert/1979 | third-party-advisory, x_refsource_SREASON | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21250261 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/453544/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"name": "1979",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"name": "20061204 TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"name": "1979",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"name": "20061204 TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"name": "1979",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1979"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261",
"refsource": "MISC",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"name": "20061204 TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6309",
"datePublished": "2006-12-06T20:00:00",
"dateReserved": "2006-12-06T00:00:00",
"dateUpdated": "2024-08-07T20:19:35.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6184
Vulnerability from cvelistv5
Published
2015-02-22 02:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21695878 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IT05707",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-22T02:57:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IT05707",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695878"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT05707",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695878",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695878"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6184",
"datePublished": "2015-02-22T02:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8937
Vulnerability from cvelistv5
Published
2017-10-05 17:00
Modified
2024-09-16 16:53
Severity ?
EPSS score ?
Summary
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/118750 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22007935 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Spectrum Protect |
Version: 7.1 Version: 8.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2016-8937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118750"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007935",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8937",
"datePublished": "2017-10-05T17:00:00Z",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-09-16T16:53:53.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4604
Vulnerability from cvelistv5
Published
2010-12-29 17:27
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1024901 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.vupen.com/english/advisories/2010/3251 | vdb-entry, x_refsource_VUPEN | |
| http://www.exploit-db.com/exploits/15745 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/42639 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/515263/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg21454745 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "IC65491",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491"
},
{
"name": "ADV-2010-3251",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "15745",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15745"
},
{
"name": "42639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42639"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt"
},
{
"name": "20101215 Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515263/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1024901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "IC65491",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491"
},
{
"name": "ADV-2010-3251",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "15745",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15745"
},
{
"name": "42639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42639"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt"
},
{
"name": "20101215 Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515263/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024901",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "IC65491",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491"
},
{
"name": "ADV-2010-3251",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "15745",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15745"
},
{
"name": "42639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42639"
},
{
"name": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt",
"refsource": "MISC",
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt"
},
{
"name": "20101215 Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515263/100/0/threaded"
},
{
"name": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c",
"refsource": "MISC",
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21454745",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4604",
"datePublished": "2010-12-29T17:27:00",
"dateReserved": "2010-12-29T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0876
Vulnerability from cvelistv5
Published
2014-08-17 23:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC95875 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91063 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21673318 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IC95875",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95875"
},
{
"name": "ibm-tsm-cve20140876-crash(91063)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IC95875",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95875"
},
{
"name": "ibm-tsm-cve20140876-crash(91063)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC95875",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC95875"
},
{
"name": "ibm-tsm-cve20140876-crash(91063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91063"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673318",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0876",
"datePublished": "2014-08-17T23:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5855
Vulnerability from cvelistv5
Published
2006-12-06 19:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"name": "tivoli-registration-message-bo(30702)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30702"
},
{
"name": "IC50347",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347"
},
{
"name": "VU#350625",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/350625"
},
{
"name": "1979",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1979"
},
{
"name": "ADV-2006-4856",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4856"
},
{
"name": "21440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21440"
},
{
"name": "VU#887249",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/887249"
},
{
"name": "1017333",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017333"
},
{
"name": "20061204 TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
},
{
"name": "tivoli-login-language-bo(30699)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30699"
},
{
"name": "23177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23177"
},
{
"name": "tivoli-smexecutewdsfsession-bo(30701)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30701"
},
{
"name": "VU#478753",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/478753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"name": "tivoli-registration-message-bo(30702)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30702"
},
{
"name": "IC50347",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347"
},
{
"name": "VU#350625",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/350625"
},
{
"name": "1979",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1979"
},
{
"name": "ADV-2006-4856",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4856"
},
{
"name": "21440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21440"
},
{
"name": "VU#887249",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/887249"
},
{
"name": "1017333",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017333"
},
{
"name": "20061204 TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
},
{
"name": "tivoli-login-language-bo(30699)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30699"
},
{
"name": "23177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23177"
},
{
"name": "tivoli-smexecutewdsfsession-bo(30701)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30701"
},
{
"name": "VU#478753",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/478753"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21250261"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-14.html"
},
{
"name": "tivoli-registration-message-bo(30702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30702"
},
{
"name": "IC50347",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC50347"
},
{
"name": "VU#350625",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/350625"
},
{
"name": "1979",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1979"
},
{
"name": "ADV-2006-4856",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4856"
},
{
"name": "21440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21440"
},
{
"name": "VU#887249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/887249"
},
{
"name": "1017333",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017333"
},
{
"name": "20061204 TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453544/100/0/threaded"
},
{
"name": "tivoli-login-language-bo(30699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30699"
},
{
"name": "23177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23177"
},
{
"name": "tivoli-smexecutewdsfsession-bo(30701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30701"
},
{
"name": "VU#478753",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/478753"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5855",
"datePublished": "2006-12-06T19:00:00",
"dateReserved": "2006-11-10T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4605
Vulnerability from cvelistv5
Published
2010-12-29 17:27
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1024901 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.vupen.com/english/advisories/2010/3251 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/42639 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ibm.com/support/docview.wss?uid=swg21454745 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "IC66686",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686"
},
{
"name": "ADV-2010-3251",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "42639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-29T17:27:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1024901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "IC66686",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686"
},
{
"name": "ADV-2010-3251",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "42639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024901",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024901"
},
{
"name": "IC66686",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC66686"
},
{
"name": "ADV-2010-3251",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3251"
},
{
"name": "42639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42639"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21454745",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4605",
"datePublished": "2010-12-29T17:27:00Z",
"dateReserved": "2010-12-29T00:00:00Z",
"dateUpdated": "2024-09-16T16:43:06.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1178
Vulnerability from cvelistv5
Published
2009-03-31 18:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/0881 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21375360 | x_refsource_CONFIRM | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IC46744 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/34285 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21246076 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34498 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1021945 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:48.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "IC46744",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC46744"
},
{
"name": "34285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"name": "34498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34498"
},
{
"name": "1021945",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the \"admin command line.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-31T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0881",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "IC46744",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC46744"
},
{
"name": "34285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"name": "34498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34498"
},
{
"name": "1021945",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the \"admin command line.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0881"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360"
},
{
"name": "IC46744",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC46744"
},
{
"name": "34285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34285"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076"
},
{
"name": "34498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34498"
},
{
"name": "1021945",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1178",
"datePublished": "2009-03-31T18:00:00Z",
"dateReserved": "2009-03-31T00:00:00Z",
"dateUpdated": "2024-09-17T01:26:39.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6044
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95091 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21995754 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager Extended Edition |
Version: 6.4 Version: 7.1 Version: 7.1.1 Version: 6.1 Version: 6.2 Version: 6.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:18.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager Extended Edition",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application\u0027s REST API, which may let the attacker violate security policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "95091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager Extended Edition",
"version": {
"version_data": [
{
"version_value": "6.4"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.1"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application\u0027s REST API, which may let the attacker violate security policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95091"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6044",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:18.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0541
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/8817.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4500 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/8825.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4492 | vdb-entry, x_refsource_BID | |
| http://online.securityfocus.com/archive/1/267143 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.tivoli.com/support/storage_mgr/flash_httpport.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020411 iXsecurity.20020327.tivoli_tsm_dsmcad.a",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html"
},
{
"name": "tivoli-storagemanager-client-bo(8817)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8817.php"
},
{
"name": "4500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4500"
},
{
"name": "tivoli-storagemanager-login-bo(8825)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8825.php"
},
{
"name": "4492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4492"
},
{
"name": "20020411 iXsecurity.20020328.tivoli_tsm_dsmsvc.a",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/267143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tivoli.com/support/storage_mgr/flash_httpport.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020411 iXsecurity.20020327.tivoli_tsm_dsmcad.a",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html"
},
{
"name": "tivoli-storagemanager-client-bo(8817)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8817.php"
},
{
"name": "4500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4500"
},
{
"name": "tivoli-storagemanager-login-bo(8825)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8825.php"
},
{
"name": "4492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4492"
},
{
"name": "20020411 iXsecurity.20020328.tivoli_tsm_dsmsvc.a",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/267143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tivoli.com/support/storage_mgr/flash_httpport.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020411 iXsecurity.20020327.tivoli_tsm_dsmcad.a",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html"
},
{
"name": "tivoli-storagemanager-client-bo(8817)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8817.php"
},
{
"name": "4500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4500"
},
{
"name": "tivoli-storagemanager-login-bo(8825)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8825.php"
},
{
"name": "4492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4492"
},
{
"name": "20020411 iXsecurity.20020328.tivoli_tsm_dsmsvc.a",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/267143"
},
{
"name": "http://www.tivoli.com/support/storage_mgr/flash_httpport.html",
"refsource": "CONFIRM",
"url": "http://www.tivoli.com/support/storage_mgr/flash_httpport.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0541",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1223
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-09-16 18:44
Severity ?
EPSS score ?
Summary
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/48519 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg21457604 | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1025741 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ibm.com/support/docview.wss?uid=swg1IC77052 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/45098 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48519",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"name": "1025741",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025741"
},
{
"name": "IC77052",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77052"
},
{
"name": "45098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-17T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48519",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"name": "1025741",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025741"
},
{
"name": "IC77052",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77052"
},
{
"name": "45098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48519"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21457604",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21457604"
},
{
"name": "1025741",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025741"
},
{
"name": "IC77052",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC77052"
},
{
"name": "45098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1223",
"datePublished": "2011-07-17T20:00:00Z",
"dateReserved": "2011-03-03T00:00:00Z",
"dateUpdated": "2024-09-16T18:44:22.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1786
Vulnerability from cvelistv5
Published
2018-11-12 16:00
Modified
2024-09-17 01:01
Severity ?
EPSS score ?
Summary
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/148871 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=ibm10738765 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105940 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Spectrum Protect |
Version: 7.1 Version: 8.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"datePublic": "2018-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-11-08T00:00:00",
"ID": "CVE-2018-1786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20181786-dos(148871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10738765",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"name": "105940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1786",
"datePublished": "2018-11-12T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:01:42.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8940
Vulnerability from cvelistv5
Published
2017-03-07 17:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21998946 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | Tivoli Storage Manager |
Version: 5.3.5.3 Version: 5.4.1.2 Version: 4.2 Version: 4.2.1 Version: 5.1.8 Version: 5.2.5.1 Version: 5.2.7 Version: 5.2.8 Version: 5.2.9 Version: 5.3.0 Version: 5.3.1 Version: 5.3.2 Version: 5.3.3 Version: 5.4.4.0 Version: 5.4.2.4 Version: 5.4.2.3 Version: 5.4.2.2 Version: 5.3.6.9 Version: 5.3.6.2 Version: 5.3.6.1 Version: 5.3.4 Version: 5.2.5.3 Version: 5.2.5.2 Version: 5.2.4 Version: 5.3.5.1 Version: 5.3.2.4 Version: 6.0 Version: 5.1.0 Version: 5.1.1 Version: 5.1.10 Version: 5.1.5 Version: 5.1.6 Version: 5.1.7 Version: 5.1.9 Version: 5.2.0 Version: 5.2.1 Version: 4.2.2 Version: 4.2.3 Version: 4.2.4 Version: 5.2.2 Version: 5.3 Version: 5.2 Client Version: 5.4 Client Version: 5.5.7 Version: 5.2.3.4 Client Version: 5.5.1.0 Version: 5.5.1.6 Version: 5.4 Version: 5.5 Version: 6.1 Version: 6.2 Version: 6.3 Version: 6.4 Version: 7.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tivoli Storage Manager",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "5.3.5.3"
},
{
"status": "affected",
"version": "5.4.1.2"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "5.1.8"
},
{
"status": "affected",
"version": "5.2.5.1"
},
{
"status": "affected",
"version": "5.2.7"
},
{
"status": "affected",
"version": "5.2.8"
},
{
"status": "affected",
"version": "5.2.9"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
},
{
"status": "affected",
"version": "5.3.3"
},
{
"status": "affected",
"version": "5.4.4.0"
},
{
"status": "affected",
"version": "5.4.2.4"
},
{
"status": "affected",
"version": "5.4.2.3"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.3.6.9"
},
{
"status": "affected",
"version": "5.3.6.2"
},
{
"status": "affected",
"version": "5.3.6.1"
},
{
"status": "affected",
"version": "5.3.4"
},
{
"status": "affected",
"version": "5.2.5.3"
},
{
"status": "affected",
"version": "5.2.5.2"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.3.5.1"
},
{
"status": "affected",
"version": "5.3.2.4"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.10"
},
{
"status": "affected",
"version": "5.1.5"
},
{
"status": "affected",
"version": "5.1.6"
},
{
"status": "affected",
"version": "5.1.7"
},
{
"status": "affected",
"version": "5.1.9"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.2 Client"
},
{
"status": "affected",
"version": "5.4 Client"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.2.3.4 Client"
},
{
"status": "affected",
"version": "5.5.1.0"
},
{
"status": "affected",
"version": "5.5.1.6"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2017-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-07T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager",
"version": {
"version_data": [
{
"version_value": "5.3.5.3"
},
{
"version_value": "5.4.1.2"
},
{
"version_value": "4.2"
},
{
"version_value": "4.2.1"
},
{
"version_value": "5.1.8"
},
{
"version_value": "5.2.5.1"
},
{
"version_value": "5.2.7"
},
{
"version_value": "5.2.8"
},
{
"version_value": "5.2.9"
},
{
"version_value": "5.3.0"
},
{
"version_value": "5.3.1"
},
{
"version_value": "5.3.2"
},
{
"version_value": "5.3.3"
},
{
"version_value": "5.4.4.0"
},
{
"version_value": "5.4.2.4"
},
{
"version_value": "5.4.2.3"
},
{
"version_value": "5.4.2.2"
},
{
"version_value": "5.3.6.9"
},
{
"version_value": "5.3.6.2"
},
{
"version_value": "5.3.6.1"
},
{
"version_value": "5.3.4"
},
{
"version_value": "5.2.5.3"
},
{
"version_value": "5.2.5.2"
},
{
"version_value": "5.2.4"
},
{
"version_value": "5.3.5.1"
},
{
"version_value": "5.3.2.4"
},
{
"version_value": "6.0"
},
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.1"
},
{
"version_value": "5.1.10"
},
{
"version_value": "5.1.5"
},
{
"version_value": "5.1.6"
},
{
"version_value": "5.1.7"
},
{
"version_value": "5.1.9"
},
{
"version_value": "5.2.0"
},
{
"version_value": "5.2.1"
},
{
"version_value": "4.2.2"
},
{
"version_value": "4.2.3"
},
{
"version_value": "4.2.4"
},
{
"version_value": "5.2.2"
},
{
"version_value": "5.3"
},
{
"version_value": "5.2 Client"
},
{
"version_value": "5.4 Client"
},
{
"version_value": "5.5.7"
},
{
"version_value": "5.2.3.4 Client"
},
{
"version_value": "5.5.1.0"
},
{
"version_value": "5.5.1.6"
},
{
"version_value": "5.4"
},
{
"version_value": "5.5"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
},
{
"version_value": "6.4"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998946",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8940",
"datePublished": "2017-03-07T17:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}