{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-02-15T02:57:01.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IT13609", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7408", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IT13609", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:27.333Z"}, "title": "CVE Program Container", "references": [{"name": "IT13609", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7408", "datePublished": "2016-02-15T02:00:00.000Z", "dateReserved": "2015-09-29T00:00:00.000Z", "dateUpdated": "2024-08-06T07:51:27.333Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7176DF47-ECA5-4B7B-96E7-D1BE0C247E1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1454B08E-F417-4746-A8ED-E1C120DFEA98", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "476EE4EA-A032-49EF-9A4C-37D8AD642130", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "36868EC3-6E63-4309-AD58-F1AE83951FDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC69F2F4-0DD3-4BD8-8591-F0BCD99FBD60", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "09BD0061-3DB5-4479-8624-4242FB1AF42A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5999622E-68F7-4273-BAB7-0B07DCB78163", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."}, {"lang": "es", "value": "El servidor en IBM Spectrum Protect (tambi\u00e9n conocido como Tivoli Storage Manager) 5.5 y 6.x en versiones anteriores a 6.3.5.1 y 7.x en versiones anteriores a 7.1.4 no restringe adecuadamente el uso de la opci\u00f3n ASNODENAME, lo que permite a atacantes remotos leer o escribir en datos de copia de seguridad mediante el aprovechamiento de la autoridad proxy."}], "id": "CVE-2015-7408", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-15T02:59:10.450", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}