Description
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21680453
Broken Link vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60482
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89054
Scores
EPSS
0.0034
EPSS Percentile
25.5%
Details
CWE
CWE-281
Status
published
Products (1)
ibm/tivoli_storage_manager
5.1 - 6.2.5.3
Published
Aug 26, 2014
Tracked Since
Feb 18, 2026