CVE-2013-5371

The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21662608	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86661
http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21662608	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86661

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:::::::*
	cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:::::::*

History

21 Nov 2024, 01:57

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933 - Vendor Advisory
References	~~() http://www.ibm.com/support/docview.wss?uid=swg21662608 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=swg21662608 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/86661 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/86661 -

Information

Published : 2014-01-23 19:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-5371

Mitre link : CVE-2013-5371

CVE.ORG link : CVE-2013-5371

JSON object : View

Products Affected

ibm

tivoli_storage_manager

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-5371", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-23T19:55:03.610", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21662608", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92933", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21662608", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86661", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."}, {"lang": "es", "value": "El cliente en Tivoli Storage Manager (TSM) de IBM versiones 6.3.1 y 6.4.0 en Windows, no conserva los permisos del Sistema de Archivos Resistente (ReFS) en las operaciones de copia de seguridad y restauraci\u00f3n, lo que permite a los usuarios locales omitir las restricciones de acceso previstas por medio de las operaciones est\u00e1ndar del sistema de archivos."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "122C35D5-BF80-4DE4-861D-C7D6D4D56777"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E9FBE6-B342-43BD-BB32-650A87AB8EBA"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}