CVE-2015-4950

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.1 through 6.1.3.5 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.3 through 6.3.1.2 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.4 through 6.4.1.3 IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 7.1 through 7.1.0.1 Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server version 2.1 Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server version 2.2 Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server versions 3.1 through 3.1.1.4 Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server versions 3.2 through 3.2.1.6 Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server versions 4.1 through 4.1.0 Tivoli Storage Manager FastBack for Microsoft Exchange versions 6.1 through 6.1.5.3

Description The mailbox-restore feature does not ensure that the correct mailbox is selected, allowing remote authenticated users to obtain sensitive information via a duplicate alias name.

Recommendations For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.1 through 6.1.3.5, update to version 6.1.3.6. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.3 through 6.3.1.2, update to version 6.3.1.3. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 6.4 through 6.4.1.3, update to version 6.4.1.4. For IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server versions 7.1 through 7.1.0.1, update to version 7.1.0.2. For Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server version 2.1, update to version 3.1.1.5 or later. For Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server version 2.2, update to version 3.1.1.5 or later. For Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server versions 3.1 through 3.1.1.4, update to version 3.1.1.5. For Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server versions 3.2 through 3.2.1.6, update to version 3.2.1.7. For Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server versions 4.1 through 4.1.0, update to version 4.1.1. For Tivoli Storage Manager FastBack for Microsoft Exchange versions 6.1 through 6.1.5.3, update to version 6.1.5.4.