CVE-2017-1301 - Vulnerability Details

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Tivoli Storage Manager

Configuration 1 [-]

OR	cpe:2.3:a:ibm:tivoli_storage_manager:6.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.6:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0.2:::::::*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=swg22006248
http://www.securityfocus.com/bid/101107
https://exchange.xforce.ibmcloud.com/vulnerabilities/125163

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2017-10-05T17:00:00Z

Updated: 2024-09-17T01:56:53.219Z

Reserved: 2016-11-30T00:00:00

Link: CVE-2017-1301

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-10-05T17:29:00.297

Modified: 2024-11-21T03:21:40.467

Link: CVE-2017-1301

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spectrum Protect", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.1"}, {"status": "affected", "version": "8.1"}]}], "datePublic": "2017-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"}, {"name": "101107", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101107"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-10-02T00:00:00", "ID": "CVE-2017-1301", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spectrum Protect", "version": {"version_data": [{"version_value": "7.1"}, {"version_value": "8.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=swg22006248", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"}, {"name": "101107", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101107"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:32:29.321Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"}, {"name": "101107", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101107"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1301", "datePublished": "2017-10-05T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T01:56:53.219Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E11F79C4-D61F-481B-9BDC-ADEDE1494AAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "76EC7D2D-4B0A-4CDF-A523-85ABEF05D211", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DD9CE-0E95-45BB-9BB5-07652C9FD6C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F3F3288-4280-43DA-B6E4-8240137105AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "90CAA216-D0B3-4ECB-8BBE-5288DE590DE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "10524DD7-E9F2-498C-93F1-54F2C47AAEBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "863D87DB-64FD-4C97-9CAD-48ED2A298FA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "295AD957-904D-4917-BCDD-27E5E4AD9E27", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF7DA554-D2AE-45FF-AEB9-551F9AD9C9B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "C05C02E3-24CC-496C-912E-951A1541F7AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "45172E20-5E12-435E-815F-D543C9B6BD41", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9625017C-311D-423A-BFF8-AEB4CE7766FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3538EBB1-A960-4CE7-B07D-17CAFF9F3564", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "19A53C1A-0B43-4EB8-B489-742AAD1D4379", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "92592FF3-70F2-4C48-A2A0-C5C8E8DCC649", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "DF7A543F-FD79-42C8-9DAF-2DD549926DDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5A018347-E8E9-4CCC-B118-247D9064D768", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "D406098E-B724-4E5F-8B47-60B4FAE1B6AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "3707B2DD-1855-4094-B0B5-C1204EBB221C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "581F420E-BBA2-4302-B8A1-ED8BFE78155E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "26CE2C13-53F7-4A4D-9DDC-0E00B0263858", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "5BEFCB76-C69E-4168-9A2E-A258B7E44F23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "7687A0AB-E864-4E23-8A5F-54AD38A69B84", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "F35C20CF-CB82-46D7-A4D0-FFD277B7ECB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B27F038-ADB0-4052-8264-C0816194DB1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "9D8E5AD5-EDF3-432E-A7F8-0D3E9ED91033", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*", "matchCriteriaId": "E9340DA0-29B3-4173-B2FB-F5FC5E99AC39", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CC9CE1A-7416-4F41-8699-693C161D8EE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F85BEAE-8583-4499-A06D-741C7528DFE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8092D853-0E6D-4104-B85B-92132D925DA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*", "matchCriteriaId": "AFD1F7B4-13EF-4CE4-807E-95249EAA3C62", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*", "matchCriteriaId": "DF714DF6-15DF-4BFD-A4F9-E9E9E333CFE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*", "matchCriteriaId": "069216F4-33F0-404C-8D39-B9D07F9CB4D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*", "matchCriteriaId": "7BAF55EE-E8B0-4715-B350-1A359B58AF56", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "906D67F5-DEC8-464D-BC4D-BAF223E72C23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1A60ADB-D0D9-413D-96A7-4BFDF494CC75", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "212B26BB-0A19-41EB-811C-04C765374E8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*", "matchCriteriaId": "2C934CA2-8606-479E-AA9F-AB70E7BB30FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "53CF0089-B81D-4738-85AC-E728DF77FBAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C71F01C8-C1BB-4E93-8AE8-A1B5131310B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C59C16BD-1CB8-47BB-8352-B1609798BB0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB3B365E-0505-4A43-90A6-811D39BB6262", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B880E34D-A9B4-4A64-B734-71ADC0588761", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*", "matchCriteriaId": "E6A07C8F-4DD0-4767-8A8F-A1721EBDE583", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*", "matchCriteriaId": "5D972077-A132-430D-97E6-8F0F8B0F79B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*", "matchCriteriaId": "4DC78448-7AD8-438B-8AFC-79B31FB706D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*", "matchCriteriaId": "6FC3FEDA-B353-4C31-A349-1A12F4FAF465", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8CA94D1-06FB-4C94-83FB-2BC52676BBDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "302756E5-F3E8-4F5E-90EA-A81A88DB55AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*", "matchCriteriaId": "D92EDDEE-1135-4EE7-972E-19471352E0A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C980FE7-8B2D-4ED4-A5BF-78615AD0F596", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD269C39-1070-44C3-B7FC-968C12A344E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7AACC13-50CF-4229-B204-E30523A38721", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AC65208-F124-4D28-B5D8-3A3C774C82A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*", "matchCriteriaId": "E782420B-2A62-4537-88EB-1169C73AC21B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "998D4B2B-7563-4885-994F-D9F56D62F888", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "FE445AF2-0110-4BC0-B123-CC4C24F974B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF6D9FD2-9DD0-40E1-AD3D-A5ACBF7601DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C818A4D8-7F9C-417C-BA94-14F5A8692C1D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163."}, {"lang": "es", "value": "IBM Spectrum Protect 7.1 y 8.1 podr\u00eda permitir que un atacante local realice un ataque symlink. IBM Spectrum Protect Backup-archive Client crea archivos temporales de manera no segura. Un atacante local podr\u00eda explotar esta vulnerabilidad creando un enlace simb\u00f3lico de un archivo temporal a varios archivos del sistema, lo que podr\u00eda permitir que el atacante sobrescriba archivos arbitrarios en el sistema con privilegios elevados. IBM X-Force ID: 125163."}], "id": "CVE-2017-1301", "lastModified": "2024-11-21T03:21:40.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-05T17:29:00.297", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101107"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125163"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object