Improper Restriction of ASNODENAME Option in IBM Spectrum Protect

Improper Restriction of ASNODENAME Option in IBM Spectrum Protect

CVE-2015-7408 · LOW Severity

AV:N/AC:H/AU:N/C:P/I:N/A:N

The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority.

Learn more about our Cis Benchmark Audit For Ibm I.