Information Disclosure Vulnerability in IBM Tivoli Storage Manager for Microsoft Exchange Server
CVE-2015-4950

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Storage Flashcopy Manager For Microsoft Exchange Server; Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server; Tivoli Storage Fastback For Microsoft Exchange
Vendor: CVE Published:; 23 August 2015

Summary

The mailbox-restore feature in IBM Tivoli Storage Manager for Mail allows remote authenticated users to gain access to sensitive information due to improper selection of mailboxes when duplicate alias names are present. This vulnerability affects multiple versions of the product, enabling unauthorized data exposure that could lead to further security risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04252

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04251

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21963629

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 23, 2015
Vulnerability Reserved
Jun 24, 2015