Vulnerability Details : CVE-2013-0472
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.
Products affected by CVE-2013-0472
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0472
0.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0472
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2013-0472
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/81216
IBM Tivoli Storage Manager Web GUI authentication unauthorized access CVE-2013-0472 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC87210
IBM IC87210: TSM 6.3 AND 6.4 CLIENT HAS UNAUTHORIZED ACCESS VULNERABILITY
-
http://www-01.ibm.com/support/docview.wss?uid=swg21624118
IBM Security Bulletin: TSM Client Web GUI Unauthorized Access Vulnerability (CVE-2013-0472)Patch;Vendor Advisory
Jump to