CVE-2014-4817

critical

Description

The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95444

http://www-01.ibm.com/support/docview.wss?uid=swg21686874

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04884

Details

Source: Mitre, NVD

Published: 2014-11-18

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical