CVE-2017-1301

CWE-593 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 71.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Spectrum ProtectIBM Tivoli Storage Manager
Timeline
PublishedOct 5
Latest updateMay 17

Description

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/spectrum_protect7.1, 8.1+1
NVDibm/tivoli_storage_manager62 versions+61

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-fw7p-w2p7-vc8c: IBM Spectrum Protect 72022-05-17
CVEList
CVE-2017-1301: IBM Spectrum Protect 72017-10-05
CVE-2017-1301 (MEDIUM CVSS 5.5) | IBM Spectrum Protect 7.1 and 8.1 co | cvebase.io