Vulnerability Details : CVE-2013-3976
The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.
Products affected by CVE-2013-3976
- cpe:2.3:a:ibm:tivoli_storage_manager_for_mail:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_protection:6.3:*:*:*:*:exchange_server:*:*
- cpe:2.3:a:ibm:data_protection:6.1:*:*:*:*:exchange_server:*:*
- cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:flashcopy_manager:2.2:*:*:*:*:exchange_server:*:*
- cpe:2.3:a:ibm:flashcopy_manager:3.1:*:*:*:*:exchange_server:*:*
- cpe:2.3:a:ibm:flashcopy_manager:2.1:*:*:*:*:exchange_server:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3976
- 0.12%: Probability of exploitation activity in the next 30 days
- ~44%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3976
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:N/AC:H/Au:S/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2013-3976
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3976
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223
  IBM IC81223: MAILBOX DATA IS SAVED TO THE WRONG .PST FILE WHEN RESTORING MULTIPLE MAILBOXES TO .PST FILES IN ONE COMMAND.
- http://www-01.ibm.com/support/docview.wss?uid=swg21644407
  IBM Security Bulletin: Possibility for Accidental Disclosure of Microsoft Exchange Mailboxes to Unauthorized Users (CVE-2013-3976) (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84881
  IBM Tivoli Storage Manager for Mail mailbox restore information disclosure CVE-2013-3976 Vulnerability Report