Computer vulnerabilities of Tivoli Storage Manager

computer vulnerability note CVE-2013-3976

IBM Tivoli Storage Manager for Mail: mailbox disclosure

Synthesis of the vulnerability

An attacker can request a mailbox to be restored via IBM Tivoli Storage Manager for Mail, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 27/03/2014.
Identifiers: 1644407, CVE-2013-3976, IC81223, VIGILANCE-VUL-14489.

Description of the vulnerability

The IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server product is used to restore users' PST mailboxes.

However, when two mailboxes are restored simultaneously, a user may receive the mailbox of another user.

An attacker can therefore request a mailbox to be restored via IBM Tivoli Storage Manager for Mail, in order to obtain sensitive information.

vulnerability bulletin CVE-2014-0050

Apache Tomcat: denial of service via Apache Commons FileUpload

Synthesis of the vulnerability

An attacker can use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service.
Impacted products: Tomcat, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, Domino, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, ePO, openSUSE, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 06/02/2014.
Revision date: 13/02/2014.
Identifiers: 1667254, 1676656, 1680564, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2015814, BID-65400, c05324755, CERTFR-2014-AVI-200, CERTFR-2014-AVI-282, CERTFR-2014-AVI-368, CERTFR-2014-AVI-382, cpuoct2016, CVE-2014-0050, DSA-2856-1, DSA-2897-1, FEDORA-2014-2175, FEDORA-2014-2183, HPSBGN03669, MDVSA-2014:056, MDVSA-2015:084, openSUSE-SU-2014:0527-1, openSUSE-SU-2014:0528-1, RHSA-2014:0252-01, RHSA-2014:0253-01, RHSA-2014:0373-01, RHSA-2014:0400-03, RHSA-2014:0401-02, RHSA-2014:0429-01, RHSA-2014:0452-01, RHSA-2014:0459-01, RHSA-2014:0473-01, RHSA-2014:0525-01, RHSA-2014:0526-01, RHSA-2014:0527-01, RHSA-2014:0528-01, RHSA-2015:1009, SB10079, SOL15189, SUSE-SU-2014:0548-1, USN-2130-1, VIGILANCE-VUL-14183, VMSA-2014-0007, VMSA-2014-0007.1, VMSA-2014-0007.2, VMSA-2014-0008, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Commons FileUpload component manages the file upload feature. It is included in Apache Tomcat.

The HTTP Content-Type header indicates the type of the request body. However, if this header is larger than 4091 bytes, the fileupload/MultipartStream.java class loops indefinitely while trying to store the data in an array that is too short.

An attacker can therefore use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2013-6747

IBM GSKit: denial of service via SSL/TLS

Synthesis of the vulnerability

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Impacted products: DB2 UDB, Informix Server, Security Directory Server, SPSS Modeler, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 30/01/2014.
Identifiers: 1610582, 1662902, 1665137, 1668664, 1670524, 1671732, 1673696, 1674047, 1674824, 1674825, CVE-2013-6747, VIGILANCE-VUL-14158.

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, a malformed certificate chain triggers an error.

An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.

computer vulnerability note CVE-2013-5371

IBM TSM: file access on ReFS

Synthesis of the vulnerability

A local attacker can access files located on a ReFS file system restored by IBM TSM, in order to read or alter them.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 22/01/2014.
Identifiers: 1662608, BID-65102, CVE-2013-5371, IC92933, VIGILANCE-VUL-14119.

Description of the vulnerability

The ReFS (Resilient File System) file system is supported by Windows Server 2012 and 8.1.

However, when the Tivoli Storage Manager Windows Client restores a file on ReFS, its permissions are not restored.

A local attacker can therefore access files located on a ReFS file system restored by IBM TSM, in order to read or alter them.

vulnerability note CVE-2012-5944

IBM Tivoli Storage Manager: access to data

Synthesis of the vulnerability

A local attacker can access IBM Tivoli Storage Manager, in order to obtain sensitive information or to alter information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user account.
Creation date: 04/12/2013.
Identifiers: 1657726, BID-64146, CVE-2012-5944, IC82487, VIGILANCE-VUL-13864.

Description of the vulnerability

The IBM Tivoli Storage Manager product allows users to manage their data.

However, an attacker can access data belonging to another user.

A local attacker can therefore access IBM Tivoli Storage Manager, in order to obtain sensitive information or to alter information.

vulnerability note CVE-2013-2964

IBM Tivoli Storage Manager: buffer overflow of dsmtca

Synthesis of the vulnerability

An attacker can generate a buffer overflow in dsmtca of IBM Tivoli Storage Manager, in order to trigger a denial of service, and possibly to elevate his privileges.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 02/10/2013.
Identifiers: 1651120, CVE-2013-2964, VIGILANCE-VUL-13514.

Description of the vulnerability

The IBM Tivoli Storage Manager suite installs the dsmtca (Trusted Communications Agent) program (/usr/bin/dsmtca, $DSMI_DIR/dsmtca).

However, if the data handled by dsmtca is larger than the array that stores it, an overflow occurs.

An attacker can therefore generate a buffer overflow in dsmtca of IBM Tivoli Storage Manager, in order to trigger a denial of service, and possibly to elevate his privileges.

computer vulnerability announcement CVE-2013-0169 CVE-2013-0462 CVE-2013-0482

IBM WebSphere AS 7.0: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM WebSphere AS 7.0.
Impacted products: Tivoli Storage Manager, WebSphere AS Traditional.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 25/06/2013.
Revision date: 03/07/2013.
Identifiers: 1671636, BID-57513, BID-59247, BID-59248, BID-59250, BID-59251, BID-59650, BID-61937, BID-61940, BID-61941, CVE-2013-0169, CVE-2013-0462, CVE-2013-0482, CVE-2013-0541, CVE-2013-0542, CVE-2013-0543, CVE-2013-0544, CVE-2013-1768, CVE-2013-2967, CVE-2013-2976, CVE-2013-3029, PM74909, PM75582, PM76582, PM76886, PM78614, PM79937, PM79992, PM81846, PM82468, PM85211, PM86780, PM86786, PM86788, PM86791, PM88746, swg21640799, swg24034966, VIGILANCE-VUL-13007.

Description of the vulnerability

Several vulnerabilities were announced in IBM WebSphere AS 7.0.

An attacker can generate a buffer overflow in WebSphere Identity Manager, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-59247, CVE-2013-0541, PM74909]

An attacker can use the Local OS registry, in order to escalate his privileges on HP, Linux and Solaris. [severity:3/4; BID-59251, CVE-2013-0543, PM75582]

An attacker can spoof the signature of WS-Security SOAP messages. [severity:2/4; BID-59650, CVE-2013-0482, PM76582]

An attacker can bypass security restrictions, in order to access resources. [severity:3/4; BID-57513, CVE-2013-0462, PM76886, PM79937]

An attacker can trigger a Cross Site Scripting in the administration console, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-61941, CVE-2013-2967, PM78614]

An attacker can use an error in the cache management of the administration console, in order to obtain sensitive information. [severity:2/4; BID-61940, CVE-2013-2976, PM79992]

An attacker can trigger a Cross Site Scripting in Administrative Console, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59248, CVE-2013-0542, PM81846]

An attacker can traverse directories on Unix, in order to read a file. [severity:2/4; BID-59250, CVE-2013-0544, PM82468]

An attacker can inject wrongly encrypted messages in a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session (VIGILANCE-VUL-12374). [severity:1/4; CVE-2013-0169, PM85211]

An attacker can deserialize an OpenJPA object, in order to create an executable file on the system (VIGILANCE-VUL-25898). [severity:2/4; CVE-2013-1768, PM86780, PM86786, PM86788, PM86791]

An attacker can trigger a Cross Site Request Forgery in WebSphere AS, in order to force the victim to perform operations. [severity:3/4; BID-61937, CVE-2013-3029, PM88746]

computer vulnerability announcement CVE-2012-2161

IBM Eclipse Help System: Cross Site Scripting via iehs.war

Synthesis of the vulnerability

An attacker can use iehs.war to generate a Cross Site Scripting in several IBM products, in order to execute JavaScript code in the context of the victim's web browser.
Impacted products: DB2 UDB, SPSS Data Collection, Tivoli Storage Manager, WebSphere AS Traditional.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/06/2012.
Revision dates: 17/12/2012, 20/12/2012, 06/05/2013.
Identifiers: BID-54051, CERTA-2012-AVI-391, CERTA-2012-AVI-521, CERTA-2012-AVI-742, CVE-2012-2159-ERROR, CVE-2012-2161, PM62795, swg21596690, swg21612193, swg21620352, swg27022958, swg27036319, VIGILANCE-VUL-11687.

Description of the vulnerability

Several IBM products use help files, which are displayed through the IBM Eclipse Help System viewer, provided by iehs.war.

However, an attacker can use iehs.war to generate a Cross Site Scripting, in order to execute JavaScript code in the context of the victim's web browser.

vulnerability note CVE-2013-0169 CVE-2013-1619 CVE-2013-1620

TLS, DTLS: information disclosure in CBC mode, Lucky 13

Synthesis of the vulnerability

An attacker can inject wrongly encrypted messages in a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session.
Impacted products: Bouncy Castle JCE, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, DB2 UDB, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, Juniper SBR, Mandriva Linux, McAfee Email and Web Security, ePO, MySQL Enterprise, NetScreen Firewall, ScreenOS, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Opera, Java Oracle, Solaris, pfSense, SSL protocol, RHEL, JBoss EAP by Red Hat, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Consequences: data reading.
Provenance: LAN.
Number of vulnerabilities in this bulletin: 7.
Creation date: 05/02/2013.
Identifiers: 1639354, 1643316, 1672363, BID-57736, BID-57774, BID-57776, BID-57777, BID-57778, BID-57780, BID-57781, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-109, CERTA-2013-AVI-339, CERTA-2013-AVI-454, CERTA-2013-AVI-543, CERTA-2013-AVI-657, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2014-AVI-286, CERTFR-2019-AVI-311, CERTFR-2019-AVI-325, CVE-2013-0169, CVE-2013-1619, CVE-2013-1620, CVE-2013-1621, CVE-2013-1622-REJECT, CVE-2013-1623, CVE-2013-1624, DLA-1518-1, DSA-2621-1, DSA-2622-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, ESXi410-201307001, ESXi410-201307401-SG, ESXi510-201401101-SG, FEDORA-2013-2110, FEDORA-2013-2128, FEDORA-2013-2764, FEDORA-2013-2793, FEDORA-2013-2813, FEDORA-2013-2834, FEDORA-2013-2892, FEDORA-2013-2929, FEDORA-2013-2984, FEDORA-2013-3079, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, GNUTLS-SA-2013-1, HPSBUX02856, HPSBUX02909, IC90385, IC90395, IC90396, IC90397, IC90660, IC93077, JSA10575, JSA10580, JSA10759, JSA10939, Lucky 13, MDVSA-2013:014, MDVSA-2013:018, MDVSA-2013:019, MDVSA-2013:040, MDVSA-2013:050, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2013:0807-1, openSUSE-SU-2016:0640-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0587-01, RHSA-2013:0588-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1135-01, RHSA-2013:1144-01, RHSA-2013:1181-01, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0371-01, RHSA-2014:0372-01, RHSA-2014:0896-01, RHSA-2015:1009, SOL14190, SOL15630, SSA:2013-040-01, SSA:2013-042-01, SSA:2013-242-01, SSA:2013-242-03, SSA:2013-287-03, SSA-556833, SSRT101104, SSRT101289, SUSE-SU-2013:0328-1, SUSE-SU-2014:0320-1, SUSE-SU-2014:0322-1, swg21633669, swg21638270, swg21639354, swg21640169, VIGILANCE-VUL-12374, VMSA-2013-0006.1, VMSA-2013-0007.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2, VMSA-2013-0009.3, VMSA-2013-0015.

Description of the vulnerability

The TLS protocol uses a block encryption algorithm. In CBC (Cipher Block Chaining) mode, the encryption depends on the previous block.

When an incorrectly encrypted message is received, a fatal error message is sent back to the sender. However, the time taken to generate this error message depends on the number of bytes that the MAC computation processes.

An attacker can therefore inject wrongly encrypted messages in a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session.

In order to guess one clear block, 2^23 TLS sessions are required. So, to exploit this vulnerability, the TLS client has to keep opening a new session each time the previous one ends with a fatal error.

computer vulnerability announcement CVE-2013-0472

IBM TSM: file access via Client Web GUI

Synthesis of the vulnerability

An attacker can use a vulnerability of IBM TSM Client Web GUI, in order to access server files.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 01/02/2013.
Identifiers: BID-57738, CERTA-2013-AVI-095, CVE-2013-0472, IC87210, swg21624118, VIGILANCE-VUL-12367.

Description of the vulnerability

An attacker can use a vulnerability of IBM TSM Client Web GUI, in order to access server files.