CVE Vulnerabilities

CVE-2003-1570

Improper Authentication

Published: Mar 31, 2009 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to session exposure.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Tivoli_storage_manager Ibm 5.1.0 5.1.0
Tivoli_storage_manager Ibm 5.1.1 5.1.1
Tivoli_storage_manager Ibm 5.1.5 5.1.5
Tivoli_storage_manager Ibm 5.1.6 5.1.6
Tivoli_storage_manager Ibm 5.1.7 5.1.7
Tivoli_storage_manager Ibm 5.1.8 5.1.8
Tivoli_storage_manager Ibm 5.1.9 5.1.9
Tivoli_storage_manager Ibm 5.1.10 5.1.10
Tivoli_storage_manager Ibm 5.2.0 5.2.0
Tivoli_storage_manager Ibm 5.2.1 5.2.1
Tivoli_storage_manager Ibm 6.0 6.0

Potential Mitigations

References