← Back

CVE-2017-1301

nvd nist
Published: Oct 5, 2017Modified: May 13, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.

Affected (62)

Ibm
1 product
Tivoli Storage Manager
Configuration A
62 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Tivoli Storage Manager
Version 6.1.0
Tivoli Storage Manager
Version 6.1.1
Tivoli Storage Manager
Version 6.1.2
Tivoli Storage Manager
Version 6.1.3
Tivoli Storage Manager
Version 6.1.4
Tivoli Storage Manager
Version 6.1.5.4
Tivoli Storage Manager
Version 6.1.5.5
Tivoli Storage Manager
Version 6.1.5.6
Tivoli Storage Manager
Version 6.1.5
Tivoli Storage Manager
Version 6.1
Tivoli Storage Manager
Version 6.2.0
Tivoli Storage Manager
Version 6.2.1
Tivoli Storage Manager
Version 6.2.2
Tivoli Storage Manager
Version 6.2.3
Tivoli Storage Manager
Version 6.2.4
Tivoli Storage Manager
Version 6.3.0.15
Tivoli Storage Manager
Version 6.3.0.17
Tivoli Storage Manager
Version 6.3.0.5
Tivoli Storage Manager
Version 6.3.1.2
Tivoli Storage Manager
Version 6.3.1
Tivoli Storage Manager
Version 6.3.2.2
Tivoli Storage Manager
Version 6.3.3
Tivoli Storage Manager
Version 6.3.4
Tivoli Storage Manager
Version 6.3.5.1
Tivoli Storage Manager
Version 6.3.5
Tivoli Storage Manager
Version 6.3.6.100
Tivoli Storage Manager
Version 6.3.6
Tivoli Storage Manager
Version 6.3
Tivoli Storage Manager
Version 6.4.1.0
Tivoli Storage Manager
Version 6.4.1
Tivoli Storage Manager
Version 6.4.2.100
Tivoli Storage Manager
Version 6.4.2.200
Tivoli Storage Manager
Version 6.4.2.500
Tivoli Storage Manager
Version 6.4.2.600
Tivoli Storage Manager
Version 6.4.2
Tivoli Storage Manager
Version 6.4.3.1
Tivoli Storage Manager
Version 6.4.3
Tivoli Storage Manager
Version 7.1..5.100
Tivoli Storage Manager
Version 7.1.0.1
Tivoli Storage Manager
Version 7.1.0.2
Tivoli Storage Manager
Version 7.1.0.3
Tivoli Storage Manager
Version 7.1.1.100
Tivoli Storage Manager
Version 7.1.1.1
Tivoli Storage Manager
Version 7.1.1.200
Tivoli Storage Manager
Version 7.1.1.2
Tivoli Storage Manager
Version 7.1.1.300
Tivoli Storage Manager
Version 7.1.1
Tivoli Storage Manager
Version 7.1.3.000
Tivoli Storage Manager
Version 7.1.3.100
Tivoli Storage Manager
Version 7.1.3.1
Tivoli Storage Manager
Version 7.1.3.2
Tivoli Storage Manager
Version 7.1.3
Tivoli Storage Manager
Version 7.1.4.1
Tivoli Storage Manager
Version 7.1.4.2
Tivoli Storage Manager
Version 7.1.4
Tivoli Storage Manager
Version 7.1.5.200
Tivoli Storage Manager
Version 7.1.5
Tivoli Storage Manager
Version 7.1.6.6
Tivoli Storage Manager
Version 7.1.6
Tivoli Storage Manager
Version 7.1
Tivoli Storage Manager
Version 8.1.0.2
Tivoli Storage Manager
Version 8.1.0

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
Third Party AdvisoryVDB Entry
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.