CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2016-5985
https://notcve.org/view.php?id=CVE-2016-5985
01 Feb 2017 — The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash. El cliente IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX es vulnerable a un desbordamiento de búfer cuando Journal-Based Backup está habilitado. Un atacante local podría desboradr un búfer y ejecutar código arbitrario en el sistema o provocar una caída del si... • http://www.ibm.com/support/docview.wss?uid=swg21993695 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 19EXPL: 0CVE-2016-6043
https://notcve.org/view.php?id=CVE-2016-6043
01 Feb 2017 — Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. Tivoli Storage Manager Operations Center podría permitir a un usuario local asumir el control de un usuario previamente registrado debido a que la expiración de sesión no está forzada. • http://www.ibm.com/support/docview.wss?uid=swg21995754 • CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-6044
https://notcve.org/view.php?id=CVE-2016-6044
01 Feb 2017 — IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. IBM Tivoli Storage Manager Operations Center podría permitir a un atacante autenticado para habilitar o deshabilitar la APRI REST de la aplicación, lo que puede permitir que el atacante viole la política de seguridad. • http://www.ibm.com/support/docview.wss?uid=swg21995754 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2016-6045
https://notcve.org/view.php?id=CVE-2016-6045
01 Feb 2017 — IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Tivoli Storage Manager Operations Center es vulnerable a la falsificación de solicitudes de sitios cruzados que podrían permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario que confía en el sitio web. • http://www.ibm.com/support/docview.wss?uid=swg21995754 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2016-6046
https://notcve.org/view.php?id=CVE-2016-6046
01 Feb 2017 — IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Tivoli Storage Manager Operations Center es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prev... • http://www.ibm.com/support/docview.wss?uid=swg21995754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.5EPSS: 0%CPEs: 66EXPL: 0CVE-2016-2894
https://notcve.org/view.php?id=CVE-2016-2894
03 Jul 2016 — IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions. IBM Spectrum Protect (anteriormente Tivoli Storage Manager) 5.5 hasta la versión 6.3 en versiones anteriores a 6.3.2.6, 6.4 en versiones anteriores a 6.4.3.3 y 7.1 en versiones anteriores a 7.1.6 pe... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.7EPSS: 0%CPEs: 10EXPL: 0CVE-2015-7408
https://notcve.org/view.php?id=CVE-2015-7408
15 Feb 2016 — The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority. El servidor en IBM Spectrum Protect (también conocido como Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.5.1 y 7.x en versiones anteriores a 7.1.4 no restringe adecuadamente el uso de la opción ASNODENAME, lo que permite a atacantes... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 0CVE-2015-7404
https://notcve.org/view.php?id=CVE-2015-7404
14 Nov 2015 — IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, ... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-4927
https://notcve.org/view.php?id=CVE-2015-4927
04 Nov 2015 — The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file. El componente Reporting and Monitoring en Tivoli Monitoring en IBM Tivoli Storage Manager 6.3 en versiones anteriores a 6.3.6 y 7.1 en versiones anteriores a 7.1.3 en Linux y AIX utiliza permisos de escritura para todos para archivos no especific... • http://www-01.ibm.com/support/docview.wss?uid=swg21969340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4818
https://notcve.org/view.php?id=CVE-2014-4818
24 Feb 2015 — dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors. dsmtca en el cliente en IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x anterior a 6.4.3, y 7.1.x anterior a 7.1.2 permite a usuarios locales descubrir la contraseña de la clave del cifrado de backup/restore a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •