Vulnerability Details : CVE-2015-7408
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
Products affected by CVE-2015-7408
- cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7408
- EPSS score: 0.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~51% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-7408
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6 | LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N | 4.9 | 2.9 | NIST | |
3.7 | LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 | NIST | |
CWE ids for CVE-2015-7408
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7408
- http://www-01.ibm.com/support/docview.wss?uid=swg21975957
  IBM Security Bulletin: IBM Tivoli Storage Manager ASNODENAME Vulnerability (CVE-2015-7408) [Vendor Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609
  IBM IT13609: UNAUTHORIZED TIVOLI STORAGE MANAGER CLIENT SESSIONS USING ASNODENAME OPTION MAY RUN AS AUTHORIZED SESSIONS. [Vendor Advisory]