Skip to main content

Tivoli Storage Manager

33 CVEs product

Monthly

CVE-2018-1786 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Spectrum Protect Tivoli Storage Manager Spectrum Protect Manager For Virtual Environments Data Protection For Vmware +3
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-1550 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Denial Of Service Tivoli Storage Manager Tivoli Storage Manager For Space Management +1
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-1378 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM VMware Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1339 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2017-1301 MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8937 CRITICAL PATCH Act Now

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-8939 MEDIUM This Month

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8916 MEDIUM PATCH This Month

IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8940 HIGH PATCH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-8998 HIGH PATCH This Week

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE IBM Tivoli Storage Manager
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2016-6110 MEDIUM PATCH This Month

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

VMware IBM Authentication Bypass Tivoli Storage Manager Tivoli Storage Manager For Virtual Environments Data Protection For Vmware
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-0371 MEDIUM PATCH This Month

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-6046 MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Storage Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6045 HIGH PATCH This Week

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Tivoli Storage Manager
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-6044 MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-6043 HIGH PATCH This Week

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. Rated high severity (CVSS 7.0).

Session Fixation Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-5985 HIGH PATCH This Week

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM Tivoli Storage Manager
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2894 LOW Monitor

IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
2.5
EPSS
0.1%
CVE-2015-7408 LOW Monitor

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Privilege Escalation Tivoli Storage Manager
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2015-4951 MEDIUM PATCH This Month

Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Tivoli Storage Manager
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2015-4927 HIGH This Week

The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Tivoli Storage Manager
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-4818 LOW Monitor

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-6184 HIGH This Week

Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Memory Corruption Buffer Overflow Tivoli Storage Manager
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-6195 LOW PATCH Monitor

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS;. Rated low severity (CVSS 1.9).

Microsoft Java IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2014-6185 HIGH PATCH This Week

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

IBM Privilege Escalation Tivoli Storage Manager
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-4813 MEDIUM PATCH This Month

Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1,. Rated medium severity (CVSS 6.9).

IBM Race Condition Information Disclosure Tivoli Storage Manager
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-4817 LOW Monitor

The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Tivoli Storage Manager
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-6335 LOW Monitor

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and. Rated low severity (CVSS 3.3). No vendor patch available.

IBM HP Authentication Bypass Tivoli Storage Manager
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-0876 LOW PATCH Monitor

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Denial Of Service Buffer Overflow Java Microsoft +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-5371 LOW Monitor

The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM Tivoli Storage Manager
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-2964 HIGH This Week

Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Tivoli Storage Manager
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-0472 MEDIUM PATCH This Month

The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Information Disclosure IBM Tivoli Storage Manager
NVD
CVSS 2.0
5.1
EPSS
0.4%
CVE-2013-0471 MEDIUM This Month

The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Tivoli Storage Manager
NVD
CVSS 2.0
4.3
EPSS
0.6%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

IBM Denial Of Service Spectrum Protect +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM VMware Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Tivoli Storage Manager
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Tivoli Storage Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE IBM +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

VMware IBM Authentication Bypass +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Tivoli Storage Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Storage Manager
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Tivoli Storage Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Tivoli Storage Manager
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. Rated high severity (CVSS 7.0).

Session Fixation Information Disclosure Tivoli Storage Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM +1
NVD
EPSS 0% CVSS 2.5
LOW Monitor

IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Tivoli Storage Manager
NVD
EPSS 0% CVSS 3.7
LOW Monitor

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Privilege Escalation Tivoli Storage Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Tivoli Storage Manager
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Tivoli Storage Manager
NVD
EPSS 0% CVSS 2.1
LOW Monitor

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Tivoli Storage Manager
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS;. Rated low severity (CVSS 1.9).

Microsoft Java IBM +2
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

IBM Privilege Escalation Tivoli Storage Manager
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1,. Rated medium severity (CVSS 6.9).

IBM Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Tivoli Storage Manager
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and. Rated low severity (CVSS 3.3). No vendor patch available.

IBM HP Authentication Bypass +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Denial Of Service Buffer Overflow +3
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Tivoli Storage Manager
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Information Disclosure IBM Tivoli Storage Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Tivoli Storage Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy