CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2988
https://notcve.org/view.php?id=CVE-2016-2988
25 Nov 2016 — IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins. IBM Tivoli Storage Manger para Virtual Environments: Data Protection para VMware (también conocido como Spectrum Protect para Virtual Environments) 6.4.x en versiones anteriores a 6.4.3.4 y 7... • http://www-01.ibm.com/support/docview.wss?uid=swg21988781 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.5EPSS: 0%CPEs: 66EXPL: 0CVE-2016-2894
https://notcve.org/view.php?id=CVE-2016-2894
03 Jul 2016 — IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions. IBM Spectrum Protect (anteriormente Tivoli Storage Manager) 5.5 hasta la versión 6.3 en versiones anteriores a 6.3.2.6, 6.4 en versiones anteriores a 6.4.3.3 y 7.1 en versiones anteriores a 7.1.6 pe... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 9%CPEs: 18EXPL: 0CVE-2015-7425
https://notcve.org/view.php?id=CVE-2015-7425
21 Feb 2016 — The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution. El... • http://www-01.ibm.com/support/docview.wss?uid=swg21973086 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.7EPSS: 0%CPEs: 10EXPL: 0CVE-2015-7408
https://notcve.org/view.php?id=CVE-2015-7408
15 Feb 2016 — The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority. El servidor en IBM Spectrum Protect (también conocido como Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.5.1 y 7.x en versiones anteriores a 7.1.4 no restringe adecuadamente el uso de la opción ASNODENAME, lo que permite a atacantes... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-4951
https://notcve.org/view.php?id=CVE-2015-4951
20 Jan 2016 — Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL. Client Acceptor Daemon (CAD) en el client en IBM Spectrum Protect (anteriormente Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.2.5, 6.4 en versiones anteriores a 6.4.3.1 y 7.1 en versiones anteriores a 7.1.3 permite a atacante... • http://www-01.ibm.com/support/docview.wss?uid=swg21973484 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 0CVE-2015-7404
https://notcve.org/view.php?id=CVE-2015-7404
14 Nov 2015 — IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, ... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-4927
https://notcve.org/view.php?id=CVE-2015-4927
04 Nov 2015 — The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file. El componente Reporting and Monitoring en Tivoli Monitoring en IBM Tivoli Storage Manager 6.3 en versiones anteriores a 6.3.6 y 7.1 en versiones anteriores a 7.1.3 en Linux y AIX utiliza permisos de escritura para todos para archivos no especific... • http://www-01.ibm.com/support/docview.wss?uid=swg21969340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2015-4950
https://notcve.org/view.php?id=CVE-2015-4950
23 Aug 2015 — The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenti... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2015-6557
https://notcve.org/view.php?id=CVE-2015-6557
23 Aug 2015 — IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exce... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4818
https://notcve.org/view.php?id=CVE-2014-4818
24 Feb 2015 — dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors. dsmtca en el cliente en IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x anterior a 6.4.3, y 7.1.x anterior a 7.1.2 permite a usuarios locales descubrir la contraseña de la clave del cifrado de backup/restore a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •