| Title | Authentication bypass vulnerability in the TSM Backup-Archive client in IBM TSM for Mail |
|---|---|
| Summary | The (1) Java GUI and (2) Web GUI components of the TSM Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Mail contain a vulnerability that, when Data Protection for Lotus Domino is used, allows authentication to be bypassed and a Domino database or transaction-log backup to be restored. Supplementary information: the vulnerability type is identified by CWE as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html |
| Possible impacts | A local user may bypass authentication and restore a Domino database or transaction-log backup. |
| Solution | The vendor has released an official fix. Refer to the vendor information and apply the appropriate measures. |
| Publication Date | Sept. 7, 2014, midnight |
| Registration Date | Feb. 19, 2015, 4:39 p.m. |
| Last Update | Feb. 19, 2015, 4:39 p.m. |
| CVSS2.0 : Low | |
| Score | 1.9 |
|---|---|
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:N |
| IBM |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 5.4 (AIX, Linux x86, Solaris, Windows, z/OS) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 5.5 before 5.5.4.4 (AIX, Linux, Solaris) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 5.5.x (Windows, z/OS) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 6.1 (AIX, Linux, Solaris, Windows) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 6.1 before 6.1.5.7 (z/OS) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 6.2 before 6.2.5.2 (Windows) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail before 6.2.5.3 (AIX, Linux x86) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail before 6.2.5.4 (Linux Z, Solaris) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 6.3 before 6.3.2.1 (AIX) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail before 6.3.2.2 (Windows) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail before 6.3.2.3 (Linux Z) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 6.4 before 6.4.2.1 (AIX, Linux Z, Windows) |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) for Mail 7.1 before 7.1.1 (AIX, Linux, Windows) |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [February 19, 2015] Published | Feb. 17, 2018, 10:37 a.m. |
| Summary | The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors. |
|---|---|
| Publication Date | Feb. 14, 2015, 11:59 a.m. |
| Registration Date | Jan. 26, 2021, 3:16 p.m. |
| Last Update | Nov. 21, 2024, 11:13 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:* | ||||
| 2 | cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:* | ||||
| 3 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x64:* | ||||
| 4 | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x86:* | ||||
| 2 | cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x86:* | ||||
| 3 | cpe:2.3:o:ibm:z\/os:*:*:*:*:*:*:*:* | ||||
| 4 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:* | ||||
| 5 | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:tivoli_storage_manager:6.4:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:* | ||||
| 2 | cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:* | ||||
| 3 | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:* | ||||
| 2 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x86:* | ||||
| 3 | cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:* | ||||
| 4 | cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x86:* | ||||
| 5 | cpe:2.3:o:ibm:z\/os:*:*:*:*:*:*:*:* | ||||
| 6 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:* | ||||
| 7 | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||||
| 8 | cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:sparc:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:tivoli_storage_manager:5.4:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x86:* | ||||
| 2 | cpe:2.3:o:ibm:z\/os:*:*:*:*:*:*:*:* | ||||
| 3 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:* | ||||
| 4 | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||||
| 5 | cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:sparc:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:* | ||||
| 2 | cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x64:* | ||||
| 2 | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:x86:* | ||||
| 3 | cpe:2.3:o:ibm:linux_on_ibm_z:*:*:*:*:*:*:x64:* | ||||
| 4 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:* | ||||
| 5 | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||||
| 6 | cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:sparc:* | ||||