Lucene search

[email protected]NVD:CVE-2003-1570

HistoryMar 31, 2009 - 6:24 p.m.

CVE-2003-1570

2009-03-3118:24:44

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

56.8%

JSON

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to “session exposure.”

Affected configurations

Nvd

Node

ibmtivoli_storage_managerMatch5.1.0

ibmtivoli_storage_managerMatch5.1.1

ibmtivoli_storage_managerMatch5.1.5

ibmtivoli_storage_managerMatch5.1.6

ibmtivoli_storage_managerMatch5.1.7

ibmtivoli_storage_managerMatch5.1.8

ibmtivoli_storage_managerMatch5.1.9

ibmtivoli_storage_managerMatch5.1.10

ibmtivoli_storage_managerMatch5.2.0

ibmtivoli_storage_managerMatch5.2.1

ibmtivoli_storage_managerMatch6.0

VendorProductVersionCPE
ibmtivoli_storage_manager5.1.0cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.1cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.5cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.6cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.7cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.8cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.9cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.10cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.2.0cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.2.1cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_storage_manager	5.1.0	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:::::::*
ibm	tivoli_storage_manager	5.1.1	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:::::::*
ibm	tivoli_storage_manager	5.1.5	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:::::::*
ibm	tivoli_storage_manager	5.1.6	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:::::::*
ibm	tivoli_storage_manager	5.1.7	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:::::::*
ibm	tivoli_storage_manager	5.1.8	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:::::::*
ibm	tivoli_storage_manager	5.1.9	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:::::::*
ibm	tivoli_storage_manager	5.1.10	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:::::::*
ibm	tivoli_storage_manager	5.2.0	cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:::::::*
ibm	tivoli_storage_manager	5.2.1	cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:::::::*

Rows per page:

1-10 of 111

References

secunia.com/advisories/34498

securitytracker.com/id?1021947

www-01.ibm.com/support/docview.wss?uid=swg21375360

www-1.ibm.com/support/docview.wss?uid=swg1IC37554

www.securityfocus.com/bid/34285

www.vupen.com/english/advisories/2009/0881

exchange.xforce.ibmcloud.com/vulnerabilities/49536

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

56.8%

JSON

Related for NVD:CVE-2003-1570

cve1 cvelist1