Symlink Vulnerability in IBM Spectrum Protect

Symlink Vulnerability in IBM Spectrum Protect

CVE-2016-2894 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.

Learn more about our User Device Pen Test.