Tivoli Storage Manager Server Unauthorized Backup File Displacement

Severity: Low. Nessus Plugin ID: 81493

Synopsis

The remote host is affected by a vulnerability that allows users to perform unauthorized actions.

Description

The remote host is running a version of IBM Tivoli Storage Manager server that is affected by a vulnerability that allows unauthorized users to trigger backup operations, which can cause previously backed-up files to be rolled off.

Note that this plugin does not check for the presence of any workarounds.

Solution

Apply the appropriate patch according to the vendor's advisory.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21686874

Plugin Details

Severity: Low

ID: 81493

File Name: ibm_tsm_server_swg21686874.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 2/24/2015

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager

Required KB Items: Settings/ParanoidReport, installed_sw/IBM Tivoli Storage Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 10/16/2014

Vulnerability Publication Date: 10/16/2014

Reference Information

CVE: CVE-2014-4817

BID: 71109