Tivoli Storage Manager
CVE-2013-6335
LOW
Severity by source
AV:L/AC:M/Au:N/C:P/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:P/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
AnalysisAI
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and. Rated low severity (CVSS 3.3). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-281. The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. Affected products include: Ibm Tivoli Storage Manager. Version information: before 6.2.5.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Tivoli Storage Manager
View allThe IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a bru
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker t
The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based B
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCe
IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buf
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state.
Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 befor
Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to sessio
Same weakness CWE-281 – Improper Preservation of Permissions
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today