CVE-2015-7408

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
ibmtivoli_storage_manager
5.5.0.0
ibmtivoli_storage_manager
6.1.0.0
ibmtivoli_storage_manager
6.2.0.0
ibmtivoli_storage_manager
6.3.3.0
ibmtivoli_storage_manager
6.3.4.0
ibmtivoli_storage_manager
6.3.5.0
ibmtivoli_storage_manager
7.1.0.0
ibmtivoli_storage_manager
7.1.0.1
ibmtivoli_storage_manager
7.1.0.2
ibmtivoli_storage_manager
7.1.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609
http://www-01.ibm.com/support/docview.wss?uid=swg21975957
http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609
http://www-01.ibm.com/support/docview.wss?uid=swg21975957