Lucene search

K
cve[email protected]CVE-2013-3976
HistoryMar 26, 2014 - 10:55 a.m.

CVE-2013-3976

2014-03-2610:55:05
CWE-264
web.nvd.nist.gov
17
ibm
tivoli
storage manager
flashcopy
unauthorized access
email
pst restore
security vulnerability

6.1 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.2%

The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.

Affected configurations

NVD
Node
ibmdata_protectionMatch6.1exchange_server
OR
ibmdata_protectionMatch6.3exchange_server
OR
ibmflashcopy_managerMatch2.1exchange_server
OR
ibmflashcopy_managerMatch2.2exchange_server
OR
ibmflashcopy_managerMatch3.1exchange_server
OR
ibmtivoli_storage_flashcopy_managerMatch-
OR
ibmtivoli_storage_manager_for_mailMatch-

6.1 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.2%

Related for CVE-2013-3976