CVE-2016-2894

moderate-risk
Published 2016-07-03

IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.5/10 Low
LOCAL / HIGH complexity

Affected Products (20)

Affected Vendors

Ibm

References (8)

http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21985579
http://www.securityfocus.com/bid/91534
http://www.securitytracker.com/id/1036220
http://www-01.ibm.com/support/docview.wss?uid=swg1IT13686
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21985579
http://www.securityfocus.com/bid/91534
http://www.securitytracker.com/id/1036220
33
/ 100
moderate-risk
Severity 6/34 · Minimal
Exploitability 0/34 · Minimal
Exposure 27/34 · High