CyberSec.Space Logo
Back to CVE Browser

CVE-2013-6335

LOW
3.3
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile1.70th
PublishedAug 26, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

Affected Platforms (CPE)

πŸ“¦
Ibm

Tivoli Storage Manager

>= 5.1 and < 6.2.5.3
πŸ“¦
Ibm

Tivoli Storage Manager

>= 6.3.0 and < 6.3.2
πŸ“¦
Ibm

Tivoli Storage Manager

>= 6.4.0 and < 6.4.2
πŸ“¦
Ibm

Tivoli Storage Manager

>= 7.1.0.0 and < 7.1.0.3
πŸ“¦
Ibm

Tivoli Storage Manager

>= 5.1 and < 6.1.5.6

References & Advisories

πŸ”— http://secunia.com/advisories/60482
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21680453
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/89054
πŸ”— http://secunia.com/advisories/60482
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21680453
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/89054

Related Vulnerabilities

CVE-2006-585510.0

Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause ...

CVE-2007-488010.0

Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5....

CVE-2003-136110.0

Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attack...

CVE-2008-024710.0

Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 befor...