Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1570

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2003-1570
Last Modified 08 Apr 2009 12:20:35
Published 31 Mar 2009 02:24:44
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2003-1570

Summary

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."

Vulnerable Systems

Application

  • Ibm Tivoli Storage Manager 5.1.0

  • Ibm Tivoli Storage Manager 5.1.1

  • Ibm Tivoli Storage Manager 5.1.10

  • Ibm Tivoli Storage Manager 5.1.5

  • Ibm Tivoli Storage Manager 5.1.6

  • Ibm Tivoli Storage Manager 5.1.7

  • Ibm Tivoli Storage Manager 5.1.8

  • Ibm Tivoli Storage Manager 5.1.9

  • Ibm Tivoli Storage Manager 5.2.0

  • Ibm Tivoli Storage Manager 5.2.1

  • Ibm Tivoli Storage Manager 6.0


References

XF - tsm-consolemode-info-disclosure(49536)

VUPEN - ADV-2009-0881

BID - 34285

AIXAPAR - IC37554

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21375360

SECTRACK - 1021947

SECUNIA - 34498


Last Updated: 27 May 2016 10:38:25