Improper Restriction of ASNODENAME Option in IBM Spectrum Protect
CVE-2015-7408 · LOW Severity
AV:N/AC:H/AU:N/C:P/I:N/A:N
The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.
Learn more about our Cis Benchmark Audit For Ibm I.