2017-10-05 19:29:00 2017-10-25 22:03:36

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.

Vector

LOCAL

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL
IBM Tivoli Storage Manager 6.1 IBM Tivoli Storage Manager 6.1.0 IBM Tivoli Storage Manager 6.1.1 IBM Tivoli Storage Manager 6.1.2 IBM Tivoli Storage Manager 6.1.3 IBM Tivoli Storage Manager 6.1.4 IBM Tivoli Storage Manager 6.1.5 IBM Tivoli Storage Manager 6.1.5.4 IBM Tivoli Storage Manager 6.1.5.5 IBM Tivoli Storage Manager 6.1.5.6 IBM Tivoli Storage Manager 6.2.0 IBM Tivoli Storage Manager 6.2.1 IBM Tivoli Storage Manager 6.2.2 IBM Tivoli Storage Manager 6.2.3 IBM Tivoli Storage Manager 6.2.4 IBM Tivoli Storage Manager 6.3 IBM Tivoli Storage Manager 6.3.0.5 IBM Tivoli Storage Manager 6.3.0.15 IBM Tivoli Storage Manager 6.3.0.17 IBM Tivoli Storage Manager 6.3.1 IBM Tivoli Storage Manager 6.3.1.2 IBM Tivoli Storage Manager 6.3.2.2 Ibm Tivoli storage manager 6.3.3 (not an official CPE) Ibm Tivoli storage manager 6.3.4 (not an official CPE) Ibm Tivoli storage manager 6.3.5 (not an official CPE) Ibm Tivoli storage manager 6.3.5.1 (not an official CPE) Ibm Tivoli storage manager 6.3.6 (not an official CPE) Ibm Tivoli storage manager 6.3.6.100 (not an official CPE) Ibm Tivoli storage manager 6.4.1 (not an official CPE) Ibm Tivoli storage manager 6.4.1.0 (not an official CPE) Ibm Tivoli storage manager 6.4.2 (not an official CPE) Ibm Tivoli storage manager 6.4.2.100 (not an official CPE) Ibm Tivoli storage manager 6.4.2.200 (not an official CPE) Ibm Tivoli storage manager 6.4.2.500 (not an official CPE) Ibm Tivoli storage manager 6.4.2.600 (not an official CPE) Ibm Tivoli storage manager 6.4.3 (not an official CPE) Ibm Tivoli storage manager 6.4.3.1 (not an official CPE) IBM Tivoli Storage Manager 7.1 Ibm Tivoli storage manager 7.1..5.100 (not an official CPE) IBM Tivoli Storage Manager 7.1.0.1 IBM Tivoli Storage Manager 7.1.0.2 IBM Tivoli Storage Manager 7.1.0.3 IBM Tivoli Storage Manager 7.1.1 IBM Tivoli Storage Manager 7.1.1.1 Ibm Tivoli storage manager 7.1.1.2 (not an official CPE) Ibm Tivoli storage manager 7.1.1.100 (not an official CPE) Ibm Tivoli storage manager 7.1.1.200 (not an official CPE) Ibm Tivoli storage manager 7.1.1.300 (not an official CPE) Ibm Tivoli storage manager 7.1.3 (not an official CPE) Ibm Tivoli storage manager 7.1.3.000 (not an official CPE) Ibm Tivoli storage manager 7.1.3.1 (not an official CPE) Ibm Tivoli storage manager 7.1.3.2 (not an official CPE) Ibm Tivoli storage manager 7.1.3.100 (not an official CPE) Ibm Tivoli storage manager 7.1.4 (not an official CPE) Ibm Tivoli storage manager 7.1.4.1 (not an official CPE) Ibm Tivoli storage manager 7.1.4.2 (not an official CPE) Ibm Tivoli storage manager 7.1.5 (not an official CPE) Ibm Tivoli storage manager 7.1.5.200 (not an official CPE) Ibm Tivoli storage manager 7.1.6 (not an official CPE) Ibm Tivoli storage manager 7.1.6.6 (not an official CPE) Ibm Tivoli storage manager 8.1.0 (not an official CPE) Ibm Tivoli storage manager 8.1.0.2 (not an official CPE)