CVE-2015-4950 - Vulnerability Details

Vendors	Products
Ibm	Tivoli Storage Fastback For Microsoft Exchange Tivoli Storage Flashcopy Manager For Microsoft Exchange Server Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252
http://www-01.ibm.com/support/docview.wss?uid=swg21963629
http://www.securitytracker.com/id/1033652

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-06T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IT04252", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252"}, {"name": "IT04251", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963629"}, {"name": "1033652", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033652"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-4950", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IT04252", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252"}, {"name": "IT04251", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963629", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963629"}, {"name": "1033652", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033652"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:31.890Z"}, "title": "CVE Program Container", "references": [{"name": "IT04252", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252"}, {"name": "IT04251", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963629"}, {"name": "1033652", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033652"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-4950", "datePublished": "2015-08-23T14:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.890Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-08-10T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-06T18:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : IT04252 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252 (string)

}

1 : { »

name : IT04251 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21963629 (string)

}

3 : { »

name : 1033652 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1033652 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2015-4950 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : IT04252 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252 (string)

}

1 : { »

name : IT04251 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251 (string)

}

2 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21963629 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21963629 (string)

}

3 : { »

name : 1033652 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1033652 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T06:32:31.890Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : IT04252 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252 (string)

}

1 : { »

name : IT04251 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21963629 (string)

}

3 : { »

name : 1033652 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1033652 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2015-4950 (string)

datePublished : 2015-08-23T14:00:00 (string)

dateReserved : 2015-06-24T00:00:00 (string)

dateUpdated : 2024-08-06T06:32:31.890Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_fastback_for_microsoft_exchange:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "844CCE00-B098-432C-85C7-B98C6FF0003B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "509704C7-A2F0-47DE-859B-00F77CA22B27", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B1F5CC5-2A7F-4CC4-8CA2-95BA3933B42B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CA5985C-FC33-4DE0-82D6-66E4CB00F3F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "51A513FE-4975-49F7-91B4-9614855F6754", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D515C201-2243-4459-8110-5707A3B016EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FC12F3-39C7-49FD-BB60-7C21607C77DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "881ACFC0-4354-448A-A9BB-2F5BB72358C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC6978D5-4AF1-48D6-A7D5-E0158F4C8DE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "24E7AD18-232C-4996-931F-72545CB38B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "B5124F05-4C0E-422A-8CB3-E93826767ACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "144ED09E-DE01-450C-84DF-DEFE9E6EE48B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8D631-0EBE-47AB-AACA-9A0BA1077C1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D76E0E49-1486-4518-BD46-826786BAA937", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B3CB08F-D41F-4441-9078-2C9E68EC2EDD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name."}, {"lang": "es", "value": "Vulnerabilidad en la aplicaci\u00f3n del restablecimiento del buz\u00f3n de correo en IBM Tivoli Storage Manager for Mail: protecci\u00f3n de datos para Microsoft Exchange Server 6.1 en versiones anteriores a 6.1.3.6, 6.3 en versiones anteriores a 6.3.1.3, 6.4 en versiones anteriores a 6.4.1.4 y 7.1 en versiones anteriores a 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager para Microsoft Exchange Server 2.1, 2.2, 3.1 en versiones anteriores a 3.1.1.5, 3.2 en versiones anteriores a 3.2.1.7 y 4.1 en versiones anteriores a 4.1.1; y Tivoli Storage Manager FastBack para Microsoft Exchange 6.1 en versiones anteriores a 6.1.5.4 no asegura que sea seleccionado el buz\u00f3n de correo correcto, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de apodo duplicado."}], "id": "CVE-2015-4950", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-23T14:59:01.677", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963629"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1033652"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033652"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_fastback_for_microsoft_exchange:6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 844CCE00-B098-432C-85C7-B98C6FF0003B (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 509704C7-A2F0-47DE-859B-00F77CA22B27 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B1F5CC5-2A7F-4CC4-8CA2-95BA3933B42B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 8CA5985C-FC33-4DE0-82D6-66E4CB00F3F7 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 51A513FE-4975-49F7-91B4-9614855F6754 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_microsoft_exchange_server:4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D515C201-2243-4459-8110-5707A3B016EC (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 44FC12F3-39C7-49FD-BB60-7C21607C77DB (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 881ACFC0-4354-448A-A9BB-2F5BB72358C3 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : EC6978D5-4AF1-48D6-A7D5-E0158F4C8DE3 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 24E7AD18-232C-4996-931F-72545CB38B3A (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3:*:*:*:*:*:*:* (string)

matchCriteriaId : B5124F05-4C0E-422A-8CB3-E93826767ACF (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 144ED09E-DE01-450C-84DF-DEFE9E6EE48B (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4:*:*:*:*:*:*:* (string)

matchCriteriaId : C1B8D631-0EBE-47AB-AACA-9A0BA1077C1D (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:6.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D76E0E49-1486-4518-BD46-826786BAA937 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:ibm:tivoli_storage_manager_for_mail_data_protection_for_microsoft_exchange_server:7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 9B3CB08F-D41F-4441-9078-2C9E68EC2EDD (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad en la aplicación del restablecimiento del buzón de correo en IBM Tivoli Storage Manager for Mail: protección de datos para Microsoft Exchange Server 6.1 en versiones anteriores a 6.1.3.6, 6.3 en versiones anteriores a 6.3.1.3, 6.4 en versiones anteriores a 6.4.1.4 y 7.1 en versiones anteriores a 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager para Microsoft Exchange Server 2.1, 2.2, 3.1 en versiones anteriores a 3.1.1.5, 3.2 en versiones anteriores a 3.2.1.7 y 4.1 en versiones anteriores a 4.1.1; y Tivoli Storage Manager FastBack para Microsoft Exchange 6.1 en versiones anteriores a 6.1.5.4 no asegura que sea seleccionado el buzón de correo correcto, lo que permite a usuarios remotos autenticados obtener información sensible a través de apodo duplicado. (string)

}

]

id : CVE-2015-4950 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-08-23T14:59:01.677 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252 (string)

}

2 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21963629 (string)

}

3 : { »

source : psirt@us.ibm.com (string)

url : http://www.securitytracker.com/id/1033652 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21963629 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1033652 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object