CVE-2014-4817

EUVD-2014-4736
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
ibmtivoli_storage_manager
5.1.0
ibmtivoli_storage_manager
5.1.1
ibmtivoli_storage_manager
5.1.5
ibmtivoli_storage_manager
5.1.6
ibmtivoli_storage_manager
5.1.7
ibmtivoli_storage_manager
5.1.8
ibmtivoli_storage_manager
5.1.9
ibmtivoli_storage_manager
5.1.10
ibmtivoli_storage_manager
5.2
ibmtivoli_storage_manager
5.2.0
ibmtivoli_storage_manager
5.2.1
ibmtivoli_storage_manager
5.2.2
ibmtivoli_storage_manager
5.2.4
ibmtivoli_storage_manager
5.2.5.1
ibmtivoli_storage_manager
5.2.5.2
ibmtivoli_storage_manager
5.2.5.3
ibmtivoli_storage_manager
5.2.7
ibmtivoli_storage_manager
5.2.8
ibmtivoli_storage_manager
5.2.9
ibmtivoli_storage_manager
5.3
ibmtivoli_storage_manager
5.3.0
ibmtivoli_storage_manager
5.3.1
ibmtivoli_storage_manager
5.3.2
ibmtivoli_storage_manager
5.3.2.4
ibmtivoli_storage_manager
5.3.3
ibmtivoli_storage_manager
5.3.4
ibmtivoli_storage_manager
5.3.5.1
ibmtivoli_storage_manager
5.3.6.1
ibmtivoli_storage_manager
5.3.6.2
ibmtivoli_storage_manager
5.3.6.3
ibmtivoli_storage_manager
5.3.6.4
ibmtivoli_storage_manager
5.3.6.5
ibmtivoli_storage_manager
5.3.6.6
ibmtivoli_storage_manager
5.4
ibmtivoli_storage_manager
5.4.0
ibmtivoli_storage_manager
5.4.1
ibmtivoli_storage_manager
5.4.2
ibmtivoli_storage_manager
5.4.2.2
ibmtivoli_storage_manager
5.4.2.3
ibmtivoli_storage_manager
5.4.2.4
ibmtivoli_storage_manager
5.4.3.0
ibmtivoli_storage_manager
5.4.3.2
ibmtivoli_storage_manager
5.4.3.3
ibmtivoli_storage_manager
5.4.4.0
ibmtivoli_storage_manager
5.5.0
ibmtivoli_storage_manager
5.5.1
ibmtivoli_storage_manager
5.5.2
ibmtivoli_storage_manager
5.5.3
ibmtivoli_storage_manager
5.5.4
ibmtivoli_storage_manager
5.5.4.1
ibmtivoli_storage_manager
6.0
ibmtivoli_storage_manager
6.1.0
ibmtivoli_storage_manager
6.1.1
ibmtivoli_storage_manager
6.1.2
ibmtivoli_storage_manager
6.1.3
ibmtivoli_storage_manager
6.1.4
ibmtivoli_storage_manager
6.1.5
ibmtivoli_storage_manager
6.1.5.4
ibmtivoli_storage_manager
6.2.0
ibmtivoli_storage_manager
6.2.0.0
ibmtivoli_storage_manager
6.2.1
ibmtivoli_storage_manager
6.2.2
ibmtivoli_storage_manager
6.2.3
ibmtivoli_storage_manager
6.2.4
ibmtivoli_storage_manager
6.2.4.4
ibmtivoli_storage_manager
6.2.4.7
ibmtivoli_storage_manager
6.2.6
ibmtivoli_storage_manager
6.2.7
ibmtivoli_storage_manager
6.3.0
ibmtivoli_storage_manager
6.3.0.0
ibmtivoli_storage_manager
6.3.0.1
ibmtivoli_storage_manager
6.3.0.17
ibmtivoli_storage_manager
6.3.1
ibmtivoli_storage_manager
6.3.2
ibmtivoli_storage_manager
6.3.2.1
ibmtivoli_storage_manager
6.3.3
ibmtivoli_storage_manager
6.3.4
ibmtivoli_storage_manager
6.3.5
ibmtivoli_storage_manager
6.3.5.1
ibmtivoli_storage_manager
6.4.0
ibmtivoli_storage_manager
6.4.0.0
ibmtivoli_storage_manager
6.4.1
ibmtivoli_storage_manager
6.4.2
ibmtivoli_storage_manager
7.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884
http://www-01.ibm.com/support/docview.wss?uid=swg21686874
https://exchange.xforce.ibmcloud.com/vulnerabilities/95444
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884
http://www-01.ibm.com/support/docview.wss?uid=swg21686874
https://exchange.xforce.ibmcloud.com/vulnerabilities/95444