Lucene search

MitreCVE-2003-1570

HistoryMar 31, 2009 - 6:24 p.m.

CVE-2003-1570

2009-03-3118:24:44

CWE-287

mitre

web.nvd.nist.gov

ibm

tivoli storage manager

tsm

unauthorized access

server console

session exposure

nvd

cve-2003-1570

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

56.8%

JSON

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to “session exposure.”

Affected configurations

Nvd

Node

ibmtivoli_storage_managerMatch5.1.0

ibmtivoli_storage_managerMatch5.1.1

ibmtivoli_storage_managerMatch5.1.5

ibmtivoli_storage_managerMatch5.1.6

ibmtivoli_storage_managerMatch5.1.7

ibmtivoli_storage_managerMatch5.1.8

ibmtivoli_storage_managerMatch5.1.9

ibmtivoli_storage_managerMatch5.1.10

ibmtivoli_storage_managerMatch5.2.0

ibmtivoli_storage_managerMatch5.2.1

ibmtivoli_storage_managerMatch6.0

VendorProductVersionCPE
ibmtivoli_storage_manager5.1.0cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.1cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.5cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.6cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.7cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.8cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.9cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.1.10cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.2.0cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager5.2.1cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_storage_manager	5.1.0	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:::::::*
ibm	tivoli_storage_manager	5.1.1	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:::::::*
ibm	tivoli_storage_manager	5.1.5	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:::::::*
ibm	tivoli_storage_manager	5.1.6	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:::::::*
ibm	tivoli_storage_manager	5.1.7	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:::::::*
ibm	tivoli_storage_manager	5.1.8	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:::::::*
ibm	tivoli_storage_manager	5.1.9	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:::::::*
ibm	tivoli_storage_manager	5.1.10	cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:::::::*
ibm	tivoli_storage_manager	5.2.0	cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:::::::*
ibm	tivoli_storage_manager	5.2.1	cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:::::::*

Rows per page:

1-10 of 111

References

secunia.com/advisories/34498

securitytracker.com/id?1021947

www-01.ibm.com/support/docview.wss?uid=swg21375360

www-1.ibm.com/support/docview.wss?uid=swg1IC37554

www.securityfocus.com/bid/34285

www.vupen.com/english/advisories/2009/0881

exchange.xforce.ibmcloud.com/vulnerabilities/49536

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

56.8%

JSON

Related for CVE-2003-1570