Information Disclosure in IBM Tivoli Storage Manager for Mail and FlashCopy Manager
CVE-2013-3976

Currently unrated

Key Information:

Vendor: IBM
Status: Flashcopy Manager; Tivoli Storage Manager For Mail; Data Protection; Tivoli Storage Flashcopy Manager
Vendor: CVE Published:; 26 March 2014

Summary

The Data Protection for Exchange component in IBM Tivoli Storage Manager for Mail, as well as the FlashCopy Manager for Exchange, fail to adequately restrict access to mailbox contents during certain PST restore operations. When an administrator executes a multiple-mailbox restore, remote authenticated users could potentially access and read the personal emails of other individuals. This vulnerability arises due to the inadequate constraints placed on mailbox contents, particularly when an email client is initiated post-restore, creating opportunistic circumstances for unauthorized access.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/84881

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21644407

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 26, 2014
Vulnerability Reserved
Jun 7, 2013