IBM » Tivoli Storage Manager » 3.2.1 : Security Vulnerabilities, CVEs,

IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.

Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.

The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.

The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors.

Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.

Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors.

Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855.