1. CVE-Search
  2. CVE-2013-6335
ID CVE-2013-6335
Summary The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.4.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:5.5.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
    cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
    cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
CVSS
Base: 3.3 (as of 29-10-2020 - 20:19)
Impact:
Exploitability:
CWE CWE-281
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:N
refmap via4
aixapar IC96095
confirm http://www-01.ibm.com/support/docview.wss?uid=swg21680453
secunia 60482
xf ibm-tsm-cve20136335-info-disc(89054)
Last major update 29-10-2020 - 20:19
Published 26-08-2014 - 10:55
Last modified 29-10-2020 - 20:19
Back to Top