3.5
CVE-2003-1570
- EPSS 1%
- Veröffentlicht 31.03.2009 18:24:44
- Zuletzt bearbeitet 16.06.2026 22:04:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Tivoli Storage Manager Version5.1.0
Ibm ≫ Tivoli Storage Manager Version5.1.1
Ibm ≫ Tivoli Storage Manager Version5.1.5
Ibm ≫ Tivoli Storage Manager Version5.1.6
Ibm ≫ Tivoli Storage Manager Version5.1.7
Ibm ≫ Tivoli Storage Manager Version5.1.8
Ibm ≫ Tivoli Storage Manager Version5.1.9
Ibm ≫ Tivoli Storage Manager Version5.1.10
Ibm ≫ Tivoli Storage Manager Version5.2.0
Ibm ≫ Tivoli Storage Manager Version5.2.1
Ibm ≫ Tivoli Storage Manager Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1% | 0.581 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://secunia.com/advisories/34498
http://securitytracker.com/id?1021947
http://www-01.ibm.com/support/docview.wss?uid=swg21375360
http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554
http://www.securityfocus.com/bid/34285
http://www.vupen.com/english/advisories/2009/0881
https://exchange.xforce.ibmcloud.com/vulnerabilities/49536