IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote backup service is affected by an information disclosure
vulnerability.

Description :

The version of IBM Tivoli Storage Manager installed on the remote host
is 6.3.x prior to 6.3.4.200. It is, therefore, affected by a
vulnerability that could allow a remote attacker to perform a
statistical timing attack known as 'Lucky Thirteen'.

See also :

http://www.nessus.org/u?9986de60
http://www.nessus.org/u?002f4534

Solution :

Upgrade to IBM Tivoli Storage Manager 6.3.4.200 or later, or disable
SSL.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.5
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 77120

Bugtraq ID: 57778

CVE ID: CVE-2013-0169
