CVE-2013-6335


The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.


Published

2014-08-26T10:55:04.073

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:N

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

3.4

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-281

Affected Vendors & Products

Type             | Vendor | Product                | Version/Range | Vulnerable?
Application      | ibm    | tivoli_storage_manager | < 6.2.5.3     | Yes
Application      | ibm    | tivoli_storage_manager | < 6.3.2       | Yes
Application      | ibm    | tivoli_storage_manager | < 6.4.2       | Yes
Application      | ibm    | tivoli_storage_manager | < 7.1.0.3     | Yes
Operating System | ibm    | aix                    | -             | No
Operating System | linux  | linux_kernel           | -             | No
Application      | ibm    | tivoli_storage_manager | < 6.1.5.6     | Yes
Operating System | hp     | hp-ux                  | -             | No
Operating System | oracle | solaris                | -             | No

References