Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tivoli_storage_manager | Ibm | 6.4.1 (including) | 6.4.1 (including) |
| Tivoli_storage_manager | Ibm | 6.4.1.1 (including) | 6.4.1.1 (including) |
| Tivoli_storage_manager | Ibm | 6.4.2 (including) | 6.4.2 (including) |
| Tivoli_storage_manager | Ibm | 6.4.2.1 (including) | 6.4.2.1 (including) |
| Tivoli_storage_manager | Ibm | 6.4.2.2 (including) | 6.4.2.2 (including) |
| Tivoli_storage_manager | Ibm | 6.4.2.3 (including) | 6.4.2.3 (including) |
| Tivoli_storage_manager | Ibm | 6.4.2.4 (including) | 6.4.2.4 (including) |
| Tivoli_storage_manager | Ibm | 7.1 (including) | 7.1 (including) |
| Tivoli_storage_manager | Ibm | 7.1.0.1 (including) | 7.1.0.1 (including) |
| Tivoli_storage_manager | Ibm | 7.1.0.2 (including) | 7.1.0.2 (including) |
| Tivoli_storage_manager | Ibm | 7.1.1.1 (including) | 7.1.1.1 (including) |
| Tivoli_storage_manager | Ibm | 7.1.1.2 (including) | 7.1.1.2 (including) |
| Tivoli_storage_manager | Ibm | 7.1.3 (including) | 7.1.3 (including) |
| Tivoli_storage_manager | Ibm | 7.1.3.1 (including) | 7.1.3.1 (including) |
| Tivoli_storage_manager | Ibm | 7.1.3.2 (including) | 7.1.3.2 (including) |
| Tivoli_storage_manager | Ibm | 7.1.4 (including) | 7.1.4 (including) |
| Tivoli_storage_manager | Ibm | 7.1.4.1 (including) | 7.1.4.1 (including) |
| Tivoli_storage_manager | Ibm | 7.1.4.2 (including) | 7.1.4.2 (including) |
| Tivoli_storage_manager | Ibm | 7.1.7 (including) | 7.1.7 (including) |
Such a scenario is commonly observed when: