CVE-2003-1570Improper Authentication in IBM Tivoli Storage Manager

CWE-287Improper Authentication3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.3%
top 46.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Storage Manager
Timeline
PublishedMar 31
Latest updateApr 29

Description

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDibm/tivoli_storage_manager11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-p3g3-mx33-cm6q: The server in IBM Tivoli Storage Manager (TSM) 52022-04-29
CVEList
CVE-2003-1570: The server in IBM Tivoli Storage Manager (TSM) 52009-03-31
CVE-2003-1570 — Improper Authentication in IBM | cvebase