IBM Security Bulletin: Unauthorized Access Vulnerability affects IBM Tivoli Storage Manager Client (CVE-2016-2894)
When performing an archive and retrieve operation using a symbolic link, the IBM Tivoli Storage Manager (IBM Spectrum Protect) Client could allow a local user to access files they are otherwise not allowed to access.
CVE(s): CVE-2016-2894
Affected product(s) and affected version(s):
The following levels of IBM Tivoli Storage Manager (IBM Spectrum Protect) Client are affected:
- 7.1.0.0 through 7.1.4.x
(Note there is no 7.1.5) - 6.4.0.0 through 6.4.3.2
- 6.3.0.0 through 6.3.2.5
- 6.2, 6.1, and 5.5 all levels (these releases are EOS)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29754yj
X-Force Database: http://ift.tt/29tktaN
from IBM Product Security Incident Response Team http://ift.tt/2974yR5