Design/Logic Flaw

2014-03-2610:55:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.5%

JSON

The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.

CPENameOperatorVersion
data_protectioneq6.1
data_protectioneq6.3
flashcopy_managereq2.2
flashcopy_managereq2.1
flashcopy_managereq3.1

Name	Operator	Version
data_protection	eq	6.1
data_protection	eq	6.3
flashcopy_manager	eq	2.2
flashcopy_manager	eq	2.1
flashcopy_manager	eq	3.1

References

www-01.ibm.com/support/docview.wss?uid=swg1IC81223

www-01.ibm.com/support/docview.wss?uid=swg21644407

exchange.xforce.ibmcloud.com/vulnerabilities/84881