CVE-2014-6195

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 5.4 through 5.5 before 5.5.4.4 IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 5.4.x and 5.5.x on Windows and z/OS IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.1 before 6.1.5.7 on z/OS IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 6.1 and 6.2 before 6.2.5.2 on Windows IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 6.1 and 6.2 before 6.2.5.3 on AIX and Linux x86 IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 6.1 and 6.2 before 6.2.5.4 on Linux Z and Solaris IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.3 before 6.3.2.1 on AIX IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.3 before 6.3.2.2 on Windows IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.3 before 6.3.2.3 on Linux IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.4 before 6.4.2.1 IBM Tivoli Storage Manager (TSM) for Mail version 7.1 before 7.1.1

Description The issue allows local users to bypass authentication and restore a Domino database or transaction-log backup. This is related to the Java GUI and Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client when the Data Protection for Lotus Domino component is used.

Recommendations For IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 5.4 through 5.5 before 5.5.4.4, update to version 5.5.4.4 or later. For IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 5.4.x and 5.5.x on Windows and z/OS, update to a version that is not vulnerable. For IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.1 before 6.1.5.7 on z/OS, update to version 6.1.5.7 or later. For IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 6.1 and 6.2 before 6.2.5.2 on Windows, update to version 6.2.5.2 or later. For IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 6.1 and 6.2 before 6.2.5.3 on AIX and Linux x86, update to version 6.2.5.3 or later. For IBM Tivoli Storage Manager (TSM) Backup-Archive client versions 6.1 and 6.2 before 6.2.5.4 on Linux Z and Solaris, update to version 6.2.5.4 or later. For IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.3 before 6.3.2.1 on AIX, update to version 6.3.2.1 or later. For IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.3 before 6.3.2.2 on Windows, update to version 6.3.2.2 or later. For IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.3 before 6.3.2.3 on Linux, update to version 6.3.2.3 or later. For IBM Tivoli Storage Manager (TSM) Backup-Archive client version 6.4 before 6.4.2.1, update to version 6.4.2.1 or later. For IBM Tivoli Storage Manager (TSM) for Mail version 7.1 before 7.1.1, update to version 7.1.1 or later.