CVE-2015-7408
Last modified
CVE-2015-7408 is a vulnerability of currently unknown severity. The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.. EPSS estimates a 0.90% chance of exploitation in the next 30 days.
Description
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Storage Manager | 5.5.0.0 |
| Ibm | Tivoli Storage Manager | 6.1.0.0 |
| Ibm | Tivoli Storage Manager | 6.2.0.0 |
| Ibm | Tivoli Storage Manager | 6.3.3.0 |
| Ibm | Tivoli Storage Manager | 6.3.4.0 |
| Ibm | Tivoli Storage Manager | 6.3.5.0 |
| Ibm | Tivoli Storage Manager | 7.1.0.0 |
| Ibm | Tivoli Storage Manager | 7.1.0.1 |
| Ibm | Tivoli Storage Manager | 7.1.0.2 |
| Ibm | Tivoli Storage Manager | 7.1.0.3 |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21975957Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21975957Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-7408?
How severe is CVE-2015-7408?
How do I fix CVE-2015-7408?
Are you affected by CVE-2015-7408?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST