3.5

CVE-2003-1570

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmTivoli Storage Manager Version5.1.0
IbmTivoli Storage Manager Version5.1.1
IbmTivoli Storage Manager Version5.1.5
IbmTivoli Storage Manager Version5.1.6
IbmTivoli Storage Manager Version5.1.7
IbmTivoli Storage Manager Version5.1.8
IbmTivoli Storage Manager Version5.1.9
IbmTivoli Storage Manager Version5.1.10
IbmTivoli Storage Manager Version5.2.0
IbmTivoli Storage Manager Version5.2.1
IbmTivoli Storage Manager Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1% 0.581
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:P/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/34498
Vendor Advisory
http://securitytracker.com/id?1021947
http://www-01.ibm.com/support/docview.wss?uid=swg21375360
http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554
Vendor Advisory
http://www.securityfocus.com/bid/34285
http://www.vupen.com/english/advisories/2009/0881
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49536