The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x prior to 6.3.5.1 and 7.x prior to 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote malicious users to read or write to backup data by leveraging proxy authority.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm tivoli storage manager 6.3.4.0 |
||
ibm tivoli storage manager 6.3.3.0 |
||
ibm tivoli storage manager 7.1.0.3 |
||
ibm tivoli storage manager 7.1.0.2 |
||
ibm tivoli storage manager 7.1.0.1 |
||
ibm tivoli storage manager 5.5.0.0 |
||
ibm tivoli storage manager 6.2.0.0 |
||
ibm tivoli storage manager 7.1.0.0 |
||
ibm tivoli storage manager 6.1.0.0 |
||
ibm tivoli storage manager 6.3.5.0 |