Code injection

2017-10-0517:29:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.

CPENameOperatorVersion
tivoli_storage_managereq6.3.6.100
tivoli_storage_managereq6.4.2
tivoli_storage_managereq7.1.0.1
tivoli_storage_managereq7.1.5
tivoli_storage_managereq6.4.2.100
tivoli_storage_managereq6.3
tivoli_storage_managereq6.1
tivoli_storage_managereq6.1.5.5
tivoli_storage_managereq6.3.5.1
tivoli_storage_managereq7.1.0.2

Name	Operator	Version
tivoli_storage_manager	eq	6.3.6.100
tivoli_storage_manager	eq	6.4.2
tivoli_storage_manager	eq	7.1.0.1
tivoli_storage_manager	eq	7.1.5
tivoli_storage_manager	eq	6.4.2.100
tivoli_storage_manager	eq	6.3
tivoli_storage_manager	eq	6.1
tivoli_storage_manager	eq	6.1.5.5
tivoli_storage_manager	eq	6.3.5.1
tivoli_storage_manager	eq	7.1.0.2