CVE-2016-2894
LOWIBM Spectrum Protect 5.5-6.3 < 6.3.2.6, 6.4 < 6.4.3.3, 7.1 < 7.1.6 - Unauthorized Sensitive Data Exposure via Symlink
Title source: llmDescription
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21985579
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91534
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036220
Scores
CVSS v3
2.5
EPSS
0.0030
EPSS Percentile
22.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (50)
ibm/tivoli_storage_manager
5.5
ibm/tivoli_storage_manager
5.5.0
ibm/tivoli_storage_manager
5.5.2
ibm/tivoli_storage_manager
5.5.3
ibm/tivoli_storage_manager
5.5.4
ibm/tivoli_storage_manager
5.5.4.1
ibm/tivoli_storage_manager
5.5.4.2
ibm/tivoli_storage_manager
5.5.4.3
ibm/tivoli_storage_manager
6.1
ibm/tivoli_storage_manager
6.1.0
... and 40 more
Published
Jul 03, 2016
Tracked Since
Feb 18, 2026