Lucene search

[email protected]CVE-2003-1570

HistoryMar 31, 2009 - 6:24 p.m.

CVE-2003-1570

2009-03-3118:24:00

CWE-287

[email protected]

web.nvd.nist.gov

ibm

tivoli storage manager

tsm

unauthorized access

server console

session exposure

nvd

cve-2003-1570

6.9 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.4%

JSON

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to “session exposure.”

CPENameOperatorVersion
ibm:tivoli_storage_manageribm tivoli storage managereq5.1.6
ibm:tivoli_storage_manageribm tivoli storage managereq5.2.0
ibm:tivoli_storage_manageribm tivoli storage managereq5.1.9
ibm:tivoli_storage_manageribm tivoli storage managereq5.1.10
ibm:tivoli_storage_manageribm tivoli storage managereq5.1.8
ibm:tivoli_storage_manageribm tivoli storage managereq5.1.0
ibm:tivoli_storage_manageribm tivoli storage managereq5.1.1
ibm:tivoli_storage_manageribm tivoli storage managereq5.1.5
ibm:tivoli_storage_manageribm tivoli storage managereq6.0
ibm:tivoli_storage_manageribm tivoli storage managereq5.1.7

CPE	Name	Operator	Version
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.1.6
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.2.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.1.9
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.1.10
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.1.8
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.1.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.1.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.1.5
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.1.7

Rows per page:

1-10 of 111

References

secunia.com/advisories/34498

securitytracker.com/id?1021947

www-01.ibm.com/support/docview.wss?uid=swg21375360

www-1.ibm.com/support/docview.wss?uid=swg1IC37554

www.securityfocus.com/bid/34285

www.vupen.com/english/advisories/2009/0881

exchange.xforce.ibmcloud.com/vulnerabilities/49536

6.9 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.4%

JSON

Related for CVE-2003-1570

cvelist1