Security Bulletin: IBM Tivoli Storage Manager ASNODENAME Vulnerability (CVE-2015-7408)

Summary Unauthorized Tivoli Storage Manager client sessions using the ASNODENAME option may run as authorized sessions allowing the user to generate or retrieve backup data for which they are not authorized. Vulnerability Details CVEID: CVE-2015-7408 DESCRIPTION: Tivoli Storage Manager clients ca...

CVE-2015-7408

The server in IBM Spectrum Protect aka Tivoli Storage Manager 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority...

Code injection

The server in IBM Spectrum Protect aka Tivoli Storage Manager 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority...

CVE-2015-7408

The server in IBM Spectrum Protect aka Tivoli Storage Manager 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority...

CVE-2015-7408

IBM Spectrum Protect (Tivoli Storage Manager) is affected by CVE-2015-7408. The server fails to properly restrict the ASNODENAME option, allowing a client session to proxy as another authorized session and read or write backup data. Affected server versions: 5.5, 6.x prior to 6.3.5.1, and 7.x pri...