The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609 | Vendor Advisory |
http://www-01.ibm.com/support/docview.wss?uid=swg21975957 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2016-02-15T02:00:00
Updated: 2016-02-15T02:57:01
Reserved: 2015-09-29T00:00:00
Link: CVE-2015-7408
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-02-15T02:59:10.450
Modified: 2016-03-10T20:10:20.083
Link: CVE-2015-7408
JSON object: View
Redhat Information
No data.
CWE