Lucene search

MitreCVE-2009-1522

HistoryMay 05, 2009 - 5:30 p.m.

CVE-2009-1522

2009-05-0517:30:00

mitre

web.nvd.nist.gov

ibm

tivoli

storage manager

tsm

ssl

vulnerability

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

70.9%

JSON

The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.

Affected configurations

Nvd

Node

ibmtivoli_storage_manager_clientMatch5.5.0.0

ibmtivoli_storage_manager_clientMatch5.5.0.91

ibmtivoli_storage_manager_clientMatch5.5.1

ibmtivoli_storage_manager_clientMatch5.5.1.17

AND

ibmaix

microsoftwindows

VendorProductVersionCPE
ibmtivoli_storage_manager_client5.5.0.0cpe:2.3:a:ibm:tivoli_storage_manager_client:5.5.0.0:*:*:*:*:*:*:*
ibmtivoli_storage_manager_client5.5.0.91cpe:2.3:a:ibm:tivoli_storage_manager_client:5.5.0.91:*:*:*:*:*:*:*
ibmtivoli_storage_manager_client5.5.1cpe:2.3:a:ibm:tivoli_storage_manager_client:5.5.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager_client5.5.1.17cpe:2.3:a:ibm:tivoli_storage_manager_client:5.5.1.17:*:*:*:*:*:*:*
ibmaix*cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_storage_manager_client	5.5.0.0	cpe:2.3:a:ibm:tivoli_storage_manager_client:5.5.0.0:::::::*
ibm	tivoli_storage_manager_client	5.5.0.91	cpe:2.3:a:ibm:tivoli_storage_manager_client:5.5.0.91:::::::*
ibm	tivoli_storage_manager_client	5.5.1	cpe:2.3:a:ibm:tivoli_storage_manager_client:5.5.1:::::::*
ibm	tivoli_storage_manager_client	5.5.1.17	cpe:2.3:a:ibm:tivoli_storage_manager_client:5.5.1.17:::::::*
ibm	aix	*	cpe:2.3:o:ibm:aix::::::::
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::

References

osvdb.org/54235

secunia.com/advisories/32604

www-01.ibm.com/support/docview.wss?uid=swg21384389

www-1.ibm.com/support/docview.wss?uid=swg1IC59781

www.vupen.com/english/advisories/2009/1235

exchange.xforce.ibmcloud.com/vulnerabilities/50330

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

70.9%

JSON

Related for CVE-2009-1522