CVE-2015-4950

The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
ibmtivoli_storage_fastback_for_microsoft_exchange
6.1
ibmtivoli_storage_flashcopy_manager_for_microsoft_exchange_server
2.1
ibmtivoli_storage_flashcopy_manager_for_microsoft_exchange_server
2.2
ibmtivoli_storage_flashcopy_manager_for_microsoft_exchange_server
3.1
ibmtivoli_storage_flashcopy_manager_for_microsoft_exchange_server
3.2
ibmtivoli_storage_flashcopy_manager_for_microsoft_exchange_server
4.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.1.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.1.2
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.1.3
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.3
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.3.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.4
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
6.4.1
ibmtivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server
7.1
𝑥
= Vulnerable software versions