Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-3976

Опубликовано: 26 мар. 2014
Источник: nvd
CVSS2: 2.1
EPSS Низкий

Описание

The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:data_protection:6.1:*:*:*:*:exchange_server:*:*
cpe:2.3:a:ibm:data_protection:6.3:*:*:*:*:exchange_server:*:*
cpe:2.3:a:ibm:flashcopy_manager:2.1:*:*:*:*:exchange_server:*:*
cpe:2.3:a:ibm:flashcopy_manager:2.2:*:*:*:*:exchange_server:*:*
cpe:2.3:a:ibm:flashcopy_manager:3.1:*:*:*:*:exchange_server:*:*
cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_storage_manager_for_mail:-:*:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00179
Низкий

2.1 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-9vcj-85jj-2rvv

github
больше 3 лет назад

The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.

EPSS

Процентиль: 40%
0.00179
Низкий

2.1 Low

CVSS2

Дефекты

CWE-264