Lucene search

[email protected]CVE-2015-7408

HistoryFeb 15, 2016 - 2:59 a.m.

CVE-2015-7408

2016-02-1502:59:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm spectrum protect

tivoli storage manager

cve-2015-7408

asnodename

proxy authority

nvd

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.7%

JSON

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.

CPENameOperatorVersion
ibm:tivoli_storage_manageribm tivoli storage managereq6.2.0.0
ibm:tivoli_storage_manageribm tivoli storage managereq5.5.0.0
ibm:tivoli_storage_manageribm tivoli storage managereq7.1.0.1
ibm:tivoli_storage_manageribm tivoli storage managereq6.3.3.0
ibm:tivoli_storage_manageribm tivoli storage managereq6.1.0.0
ibm:tivoli_storage_manageribm tivoli storage managereq7.1.0.2
ibm:tivoli_storage_manageribm tivoli storage managereq6.3.4.0
ibm:tivoli_storage_manageribm tivoli storage managereq7.1.0.3
ibm:tivoli_storage_manageribm tivoli storage managereq7.1.0.0
ibm:tivoli_storage_manageribm tivoli storage managereq6.3.5.0

CPE	Name	Operator	Version
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.2.0.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	5.5.0.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	7.1.0.1
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.3.3.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.1.0.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	7.1.0.2
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.3.4.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	7.1.0.3
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	7.1.0.0
ibm:tivoli_storage_manager	ibm tivoli storage manager	eq	6.3.5.0

References

www-01.ibm.com/support/docview.wss?uid=swg1IT13609

www-01.ibm.com/support/docview.wss?uid=swg21975957

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.7%

JSON

Related for CVE-2015-7408

prion1 cvelist1 ibm1