Vulnerability Details : CVE-2013-6335
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
Exploit prediction scoring system (EPSS) score for CVE-2013-6335
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6335
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
3.3
|
LOW | AV:L/AC:M/Au:N/C:P/I:P/A:N |
3.4
|
4.9
|
NIST |
CWE ids for CVE-2013-6335
-
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6335
-
http://www-01.ibm.com/support/docview.wss?uid=swg21680453
IBM Security Bulletin: TSM client metadata local unauthorized access (CVE-2013-6335)Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89054
IBM Tivoli Storage Manger information disclosure CVE-2013-6335 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095
IBM notice: The page you requested cannot be displayedBroken Link
Products affected by CVE-2013-6335
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*