Unauthorized access vulnerability in IBM Tivoli Storage Manager - CVE-2016-2894
Published: July 4, 2016
Vulnerability identifier: #VU80
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-2894
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Tivoli Storage Manager
Detailed vulnerability description
The vulnerability allows a local user to access arbitrary files on the target system.
The vulnerability exists due to an access control error. A local user can gain access to another user's files by sending a specially crafted archive to the target user.
Successful exploitation of this vulnerability may result in disclosure of system information.
How to mitigate CVE-2016-2894
IBM has issued a fix (6.3.2.6, 6.4.3.3, 7.1.6; APAR IT13686).