CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
56.8%
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to “session exposure.”
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_storage_manager | 5.1.0 | cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.1.1 | cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.1.5 | cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.1.6 | cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.1.7 | cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.1.8 | cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.1.9 | cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.1.10 | cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.2.0 | cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager | 5.2.1 | cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:* |