CVE-2014-6195

EPSS 0.04%
Published 14.02.2015 02:59:01
Last modified 12.04.2025 10:46:40
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Tivoli Storage Manager Version7.1

   Ibm ≫ Aix HwPlatformx64
   Ibm ≫ Linux On Ibm Z HwPlatformx64
   Linux ≫ Linux Kernel HwPlatformx64
   Microsoft ≫ Windows

Ibm ≫ Tivoli Storage Manager Version5.5

   Ibm ≫ Aix HwPlatformx86
   Ibm ≫ Linux On Ibm Z HwPlatformx86
   Linux ≫ Linux Kernel HwPlatformx86
   Microsoft ≫ Windows

Ibm ≫ Tivoli Storage Manager Version6.4

   Ibm ≫ Aix HwPlatformx64
   Ibm ≫ Linux On Ibm Z HwPlatformx64
   Microsoft ≫ Windows

Ibm ≫ Tivoli Storage Manager Version6.1

   Ibm ≫ Aix HwPlatformx64
   Ibm ≫ Aix HwPlatformx86
   Ibm ≫ Linux On Ibm Z HwPlatformx64
   Ibm ≫ Linux On Ibm Z HwPlatformx86
   Linux ≫ Linux Kernel HwPlatformx86
   Microsoft ≫ Windows
   Oracle ≫ Solaris HwPlatformsparc

Ibm ≫ Tivoli Storage Manager Version5.4

   Ibm ≫ Aix HwPlatformx86
   Linux ≫ Linux Kernel HwPlatformx86
   Microsoft ≫ Windows
   Oracle ≫ Solaris HwPlatformsparc

Ibm ≫ Tivoli Storage Manager Version6.3

Ibm ≫ Aix HwPlatformx64
Ibm ≫ Linux On Ibm Z HwPlatformx64

Ibm ≫ Tivoli Storage Manager Version6.2

   Ibm ≫ Aix HwPlatformx64
   Ibm ≫ Aix HwPlatformx86
   Ibm ≫ Linux On Ibm Z HwPlatformx64
   Linux ≫ Linux Kernel HwPlatformx86
   Microsoft ≫ Windows
   Oracle ≫ Solaris HwPlatformsparc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.066

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:P/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04249

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21695183

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/98607

https://nvd.nist.gov/vuln/detail/CVE-2014-6195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-6195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-6195

EUVD