IBM Tivoli Storage Manager Client Symlink Cross-User Information Disclosure

Low Nessus Plugin ID 91981


A client application installed on the remote Linux host is affected by a local information disclosure vulnerability.


The version of IBM Tivoli Storage Manager Client installed on the remote Linux host is 5.5.x prior to, 6.4.x prior to, or 7.1.x prior to 7.1.6. It is, therefore, affected by an information disclosure vulnerability due to creating temporary files insecurely. A local attacker can exploit this, via a symlink created during archive and retrieve actions, to disclose data from arbitrary accounts.


Upgrade to Tivoli Storage Manager Client version / / 7.1.6 or later.

Plugin Details

Severity: Low

ID: 91981

File Name: tivoli_storage_manager_client_716.nasl

Version: $Revision: 1.2 $

Type: local

Family: Misc.

Published: 2016/07/08

Modified: 2016/07/12

Dependencies: 81814

Risk Information

Risk Factor: Low


Base Score: 1.9

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_client

Required KB Items: installed_sw/Tivoli Storage Manager Client

Excluded KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/06/29

Vulnerability Publication Date: 2016/06/29

Reference Information

CVE: CVE-2016-2894

BID: 91534

OSVDB: 140756