Access Control Flaw in IBM Spectrum Control Allows Privilege Escalation
CVE-2016-5943

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Spectrum Control
Vendor
CVE Published:
26 September 2016

Summary

An access control vulnerability in IBM Spectrum Control (previously Tivoli Storage Productivity Center) versions prior to 5.2.11 enables remote authenticated users to bypass intended access restrictions. This flaw can allow them to access sensitive task details and modify properties through unspecified vectors, potentially leading to unauthorized actions and data exposure.

References

http://www.securityfocus.com/bid/93084
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21988625
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IT16944
vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.