Lucene search

Kaspersky LabKLA10211

HistoryJan 13, 2014 - 12:00 a.m.

KLA10211 SB vulnerability in IBM Tivoli Storage Manager

2014-01-1300:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.1%

JSON

An improper permissions vulnerability was found in IBM Tivoli Storage Manager. By exploiting this vulnerability malicious users can bypass access restrictions. This vulnerability can be exploited locally via standard file operations.

Original advisories

Related products

Tivoli-Storage-Manager

CVE list

CVE-2013-5371 warning

Solution

Update to latest version

Impacts

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

IBM Tivoli Storage Manager versions 6.3.1 and 6.4.0

References

statistics.securelist.com/

threats.kaspersky.com/en/product/Tivoli-Storage-Manager/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for KLA10211