Security Bulletin: IBM Tivoli Storage Manager FastBack Server Opcode 1329 Information Disclosure Vulnerability (CVE-2015-1941)

2022-08-2001:29:42

www.ibm.com

0.96 High

EPSS

Percentile

99.5%

JSON

Summary

An attacker can force IBM Tivoli Storage Manager FastBack Server to read an arbitrary file and return the contents under the privilege of SYSTEM.

Vulnerability Details

CVEID: CVE-2015-1941**
DESCRIPTION:** IBM Tivoli Storage Manager FastBack could allow a remote attacker to read any file on the system by sending a specially crafted packet to a specific TCP port.
CVSS Base Score: 7.8
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/103136>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Affected Products and Versions

IBM Tivoli Storage Manager FastBack Server 6.1.11.1 and earlier

Remediation/Fixes

_FastBack Release _

| First FixingVRMF Level| Platfom| APAR| Link to fix
—|—|—|—|—
6.1 | 6.1.12| Windows| None| <http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack>

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli storage manager fastbackeq6.1
tivoli storage manager fastbackeq6.1.1
tivoli storage manager fastbackeq6.1.2
tivoli storage manager fastbackeq6.1.3
tivoli storage manager fastbackeq6.1.4
tivoli storage manager fastbackeq6.1.5
tivoli storage manager fastbackeq6.1.6
tivoli storage manager fastbackeq6.1.7
tivoli storage manager fastbackeq6.1.8
tivoli storage manager fastbackeq6.1.9

Name	Operator	Version
tivoli storage manager fastback	eq	6.1
tivoli storage manager fastback	eq	6.1.1
tivoli storage manager fastback	eq	6.1.2
tivoli storage manager fastback	eq	6.1.3
tivoli storage manager fastback	eq	6.1.4
tivoli storage manager fastback	eq	6.1.5
tivoli storage manager fastback	eq	6.1.6
tivoli storage manager fastback	eq	6.1.7
tivoli storage manager fastback	eq	6.1.8
tivoli storage manager fastback	eq	6.1.9