CVE-2013-3976

Severity Score

2.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.

El (1) componente Data Protection para Exchange 6.1 anterior a 6.1.3.4 y 6.3 anterior a 6.3.1 en IBM Tivoli Storage Manager para Mail y el (2) componente FlashCopy Manager para Exchange 2.2 y 3.1 anterior a 3.1.1 en IBM Tivoli Storage FlashCopy Manager no limitan debidamente contenidos de buzón durante ciertas operaciones de restablecer PST, lo que permite a usuarios remotos autenticados leer el email personal de otros usuarios en circunstancias oportunistas mediante el lanzamiento de un cliente de email después de que un administrador realice un restablecimiento de múltiples buzones.

*Credits: N/A

CVSS Scores

NISTv2 2.1

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-07 CVE Reserved
2014-03-26 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (3)

URL	Tag	Source
https://exchange.xforce.ibmcloud.com/vulnerabilities/84881	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg21644407	2017-08-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Data Protection Search vendor "Ibm" for product "Data Protection"				6.1 Search vendor "Ibm" for product "Data Protection" and version "6.1"		exchange_server		Affected
Ibm Search vendor "Ibm"		Data Protection Search vendor "Ibm" for product "Data Protection"				6.3 Search vendor "Ibm" for product "Data Protection" and version "6.3"		exchange_server		Affected
Ibm Search vendor "Ibm"		Flashcopy Manager Search vendor "Ibm" for product "Flashcopy Manager"				2.1 Search vendor "Ibm" for product "Flashcopy Manager" and version "2.1"		exchange_server		Affected
Ibm Search vendor "Ibm"		Flashcopy Manager Search vendor "Ibm" for product "Flashcopy Manager"				2.2 Search vendor "Ibm" for product "Flashcopy Manager" and version "2.2"		exchange_server		Affected
Ibm Search vendor "Ibm"		Flashcopy Manager Search vendor "Ibm" for product "Flashcopy Manager"				3.1 Search vendor "Ibm" for product "Flashcopy Manager" and version "3.1"		exchange_server		Affected
Ibm Search vendor "Ibm"		Tivoli Storage Flashcopy Manager Search vendor "Ibm" for product "Tivoli Storage Flashcopy Manager"				-		-		Affected
Ibm Search vendor "Ibm"		Tivoli Storage Manager For Mail Search vendor "Ibm" for product "Tivoli Storage Manager For Mail"				-		-		Affected