CVE-2015-7408

{"id": "CVE-2015-7408", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2016-02-15T02:59:10.450", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."}, {"lang": "es", "value": "El servidor en IBM Spectrum Protect (tambi\u00e9n conocido como Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.5.1 y 7.x en versiones anteriores a 7.1.4 no restringe adecuadamente el uso de la opci\u00f3n ASNODENAME, lo que permite a atacantes remotos leer o escribir en datos de copia de seguridad mediante el aprovechamiento de la autoridad proxy."}], "lastModified": "2024-11-21T02:36:44.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7176DF47-ECA5-4B7B-96E7-D1BE0C247E1A"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1454B08E-F417-4746-A8ED-E1C120DFEA98"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "476EE4EA-A032-49EF-9A4C-37D8AD642130"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36868EC3-6E63-4309-AD58-F1AE83951FDD"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC69F2F4-0DD3-4BD8-8591-F0BCD99FBD60"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09BD0061-3DB5-4479-8624-4242FB1AF42A"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5999622E-68F7-4273-BAB7-0B07DCB78163"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}