CVE-2017-1301

Опубликовано: 05 окт. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 3.6

EPSS Низкий

Описание

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22006248
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101107
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/125163
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22006248
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101107
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/125163
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.3.6.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.200:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.500:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.600:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:6.4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1..5.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.300:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:7.1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_storage_manager:8.1.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00103

Низкий

5.5 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-59

Связанные уязвимости

GHSA-fw7p-w2p7-vc8c