Vigil@nce - IBM Tivoli Storage Manager for Virtual Environments: information disclosure
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use IBM Tivoli Storage Manager for Virtual
Environments, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager
Severity: 2/4
Creation date: 27/05/2014
DESCRIPTION OF THE VULNERABILITY
The Data Protection for VMware GUI interface of IBM Tivoli Storage
Manager for Virtual Environments product is used to back up and
restore VMs.
However, an attacker can bypass access restrictions to data, in
order to back up and restore VMs he does not have access to.
An attacker can therefore use IBM Tivoli Storage Manager for
Virtual Environments, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN