Joe Hart

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager versions 6.3 through 6.3.5 IBM Tivoli Storage Manager versions 7.1 through 7.1.2 **Description** The issue concerns the Reporting and Monitoring component in Tivoli Monitoring, which uses world-writable permissions for unspecified files. This allows local users to gain privileges by writing to a file. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For IBM Tivoli Storage Manager versions 6.3 through 6.3.5, update to version 6.3.6 or later. For IBM Tivoli Storage Manager versions 7.1 through 7.1.2, update to version 7.1.3 or later.