CVE-2017-1301
MEDIUMIBM Spectrum Protect <8.1 - Local Privilege Escalation
Title source: llmDescription
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22006248
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101107
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/125163
Scores
CVSS v3
5.5
EPSS
0.0036
EPSS Percentile
27.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (50)
IBM/Spectrum Protect
7.1
IBM/Spectrum Protect
8.1
ibm/tivoli_storage_manager
6.1
ibm/tivoli_storage_manager
6.1.0
ibm/tivoli_storage_manager
6.1.1
ibm/tivoli_storage_manager
6.1.2
ibm/tivoli_storage_manager
6.1.3
ibm/tivoli_storage_manager
6.1.4
ibm/tivoli_storage_manager
6.1.5
ibm/tivoli_storage_manager
6.1.5.4
... and 40 more
Published
Oct 05, 2017
Tracked Since
Feb 18, 2026