Code injection

2016-02-1502:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.1%

JSON

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.

CPENameOperatorVersion
tivoli_storage_managereq6.2.0.0
tivoli_storage_managereq5.5.0.0
tivoli_storage_managereq7.1.0.1
tivoli_storage_managereq6.3.3.0
tivoli_storage_managereq6.1.0.0
tivoli_storage_managereq7.1.0.2
tivoli_storage_managereq6.3.4.0
tivoli_storage_managereq7.1.0.3
tivoli_storage_managereq7.1.0.0
tivoli_storage_managereq6.3.5.0

Name	Operator	Version
tivoli_storage_manager	eq	6.2.0.0
tivoli_storage_manager	eq	5.5.0.0
tivoli_storage_manager	eq	7.1.0.1
tivoli_storage_manager	eq	6.3.3.0
tivoli_storage_manager	eq	6.1.0.0
tivoli_storage_manager	eq	7.1.0.2
tivoli_storage_manager	eq	6.3.4.0
tivoli_storage_manager	eq	7.1.0.3
tivoli_storage_manager	eq	7.1.0.0
tivoli_storage_manager	eq	6.3.5.0