CVE-2014-6195

Current Description

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.

Basic Data

Published: February 14, 2015
Last Modified: September 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-284
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 1.9
Severity: LOW
Exploitability Score: 3.4
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
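      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Ibm | Tivoli Storage Manager | 7.1 | * | * | * | * | * | * | * | | | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Ibm | Linux On Zseries | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Microsoft | Windows | * | * | * | * | * | * | * | * | | | |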
  • AND
    • OR - Configuration 2
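      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Ibm | Tivoli Storage Manager | 5.5 | * | * | * | * | * | * | * | | | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Ibm | Linux On Zseries | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Ibm | Z/os | * | * | * | * | * | * | * | * | | | |
      2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Microsoft | Windows | * | * | * | * | * | * | * | * | | | |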
  • AND
    • OR - Configuration 3
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Ibm | Tivoli Storage Manager | 6.4 | * | * | * | * | * | * | * | | | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Ibm | Linux On Zseries | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Microsoft | Windows | * | * | * | * | * | * | * | * | | | |
  • AND
    • OR - Configuration 4
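      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Ibm | Tivoli Storage Manager | 6.1 | * | * | * | * | * | * | * | | | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Ibm | Linux On Zseries | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Ibm | Linux On Zseries | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Ibm | Z/os | * | * | * | * | * | * | * | * | | | |
      2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Microsoft | Windows | * | * | * | * | * | * | * | * | | | |
      2.3 | OS | Oracle | Solaris | * | * | * | * | * | * | sparc | * | | | |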
  • AND
    • OR - Configuration 5
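      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Ibm | Tivoli Storage Manager | 5.4 | * | * | * | * | * | * | * | | | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Ibm | Z/os | * | * | * | * | * | * | * | * | | | |
      2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Microsoft | Windows | * | * | * | * | * | * | * | * | | | |
      2.3 | OS | Oracle | Solaris | * | * | * | * | * | * | sparc | * | | | |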
  • AND
    • OR - Configuration 6
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Ibm | Tivoli Storage Manager | 6.3 | * | * | * | * | * | * | * | | | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Ibm | Linux On Zseries | * | * | * | * | * | * | x64 | * | | | |
  • AND
    • OR - Configuration 7
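      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Ibm | Tivoli Storage Manager | 6.2 | * | * | * | * | * | * | * | | | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Ibm | Aix | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Ibm | Linux On Zseries | * | * | * | * | * | * | x64 | * | | | |
      2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | x86 | * | | | |
      2.3 | OS | Microsoft | Windows | * | * | * | * | * | * | * | * | | | |
      2.3 | OS | Oracle | Solaris | * | * | * | * | * | * | sparc | * | | | |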

Vulnerable Software List

Vendor | Product | Versions
Ibm | Tivoli Storage Manager | 5.4, 5.5, 6.1, 6.2, 6.3, 6.4, 7.1

References

Name | Source | URL | Tags
IT04249 | AIXAPAR | http://www-01.ibm.com/support/docview.wss?uid=swg1IT04249 | Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21695183 | CONFIRM | http://www-01.ibm.com/support/docview.wss?uid=swg21695183 | PATCH Vendor Advisory
ibm-tsm-cve20146195-sec-bypass(98607) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/98607 |