CVE-2015-7408

EUVD-2015-7332
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
ibmtivoli_storage_manager
5.5.0.0
ibmtivoli_storage_manager
6.1.0.0
ibmtivoli_storage_manager
6.2.0.0
ibmtivoli_storage_manager
6.3.3.0
ibmtivoli_storage_manager
6.3.4.0
ibmtivoli_storage_manager
6.3.5.0
ibmtivoli_storage_manager
7.1.0.0
ibmtivoli_storage_manager
7.1.0.1
ibmtivoli_storage_manager
7.1.0.2
ibmtivoli_storage_manager
7.1.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609
http://www-01.ibm.com/support/docview.wss?uid=swg21975957
http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609
http://www-01.ibm.com/support/docview.wss?uid=swg21975957