Vigil@nce - IBM Tivoli Storage Manager for Mail: mailbox disclosure
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can request a mailbox to be restored via IBM Tivoli
Storage Manager for Mail, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager
Severity: 2/4
Creation date: 27/03/2014
DESCRIPTION OF THE VULNERABILITY
The IBM Tivoli Storage Manager for Mail Data Protection for
Microsoft Exchange Server product is used to restore users’ PST
mailboxes.
However, when two mailboxes are restored simultaneously, a user
may receive the mailbox of another user.
An attacker can therefore request a mailbox to be restored via IBM
Tivoli Storage Manager for Mail, in order to obtain sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-Tivoli-Storage-Manager-for-Mail-mailbox-disclosure-14489