Files and directories restored using the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface on Windows may have incorrect permissions.
CVEID: CVE-2019-4093 DESCRIPTION: IBM Tivoli Storage Manager could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions.
CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157981> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface version 8.1.7 on Windows.
Spectrum Protect Backup-Archive
Client Release
|
First Fixing
VRM Level
| Platform | APAR | Link to Fix
—|—|—|—|—
8.1.7 | 8.1.7.1 | Windows | IT28315 |
<http://www.ibm.com/support/docview.wss?uid=swg24043653>
None.