CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS Percentile: 78.9%
A Denial of Service vulnerability exists in the IBM Tivoli Storage Manager (TSM) client traditional scheduler
**DESCRIPTION:** A Denial of Service vulnerability in the TSM client traditional scheduler allows a remote attacker to disable the traditional scheduler when it is in Prompted mode (SCHEDMODE=PROMPTED). Once disabled, no more schedules (such as scheduled backups) will be run, and the TSM server log will show that schedules for that node are missed.
**CVEID:** CVE-2013-0471
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81215 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
AFFECTED PRODUCTS AND VERSIONS:
REMEDIATION:
TSM Release | First Fixing VRMF Level | Client Platform | APAR | Link to fix |
---|---|---|---|---|
6.4 | 6.4.0.1 | All | IC87331 | <http://www.ibm.com/support/docview.wss?uid=swg24034276> |
6.3 | 6.3.1.0 | All | IC87331 | <http://www.ibm.com/support/docview.wss?uid=swg24034109> |
6.2 | 6.2.5.0 | All | IC87331 | <http://www.ibm.com/support/docview.wss?uid=swg24034630> |
6.1 | None | | | Upgrade to fixing 6.3 or 6.4 client, or use workarounds |
5.5 | None | | | Upgrade to fixing 6.3 or 6.4 client, or use workarounds |
5.4 and previous | None | | | No longer in support. Upgrade to fixing 6.3 or 6.4 client, or use workarounds |
Workaround(s):
One of the following:
Mitigation(s):
See Workarounds above.
REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· CVE-2013-0471
· X-Force Vulnerability Database <https://exchange.xforce.ibmcloud.com/vulnerabilities/81215>
RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
ACKNOWLEDGEMENT
None
CHANGE HISTORY
31 January 2013: Original Copy Published
8 February 2013: Added “One of the following:” to the beginning of the Workaround section, to clarify that either bulleted item is a workaround.
6 June 2013: Added hyperlink to 6.2.5 download
18 August 2015: Fixed link to CVSS doc
_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash._
_Note:_ According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_storage_manager | 5.5 | cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 6.1 | cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 6.2 | cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 6.3 | cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 6.4 | cpe:2.3:a:ibm:tivoli_storage_manager:6.4:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_for_space_management | 5.5 | cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:5.5:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_for_space_management | 6.1 | cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.1:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_for_space_management | 6.2 | cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.2:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_for_space_management | 6.3 | cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.3:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_for_space_management | 6.4 | cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.4:*:*:*:*:*:*:* |