CVE-2015-7408

CWE-2643 documents3 sources
Severity
3.7LOW
EPSS
0.2%
top 58.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Storage Manager
Timeline
PublishedFeb 15
Latest updateMay 17

Description

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

NVDibm/tivoli_storage_manager10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-78rh-h9j3-q64m: The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 52022-05-17
CVEList
CVE-2015-7408: The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 52016-02-15
CVE-2015-7408 (LOW CVSS 3.7) | The server in IBM Spectrum Protect | cvebase.io