Re: Fixing level for ASNODENAME vulnerability

I was able to get some more details. Here they are: == The problem is that all client sessions which use ASNODENAME and have authority to use ASNODENAME, will run as authorized sessions. According to the doc, sessions using ASNODENAME must be run as

Re: Fixing level for ASNODENAME vulnerability

Hi This is really good question. If fact current description is not very clear. Anyone could provide better one or some example scenario to know which data/config is affected? Thanks in advance Krzysztof 2016-02-25 13:04 GMT+01:00 Henrik Ahlgren : > Is the IBM Security

Re: Fixing level for ASNODENAME vulnerability

Is the IBM Security Bulletin correct when it does not list Windows as a vulnerable platform? BTW, where can I find a more detailed description about what does this mean exactly: "The Tivoli Storage Manager server fails to adequately check the authorization of client sessions using the ASNODENAME

Re: Fixing level for ASNODENAME vulnerability

, February 24, 2016 3:32 PM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] Fixing level for ASNODENAME vulnerability We are trying to figure out how to deal with the bug described in https://urldefense.proofpoint.com/v2/url?u=http-3A__www-2D01.ibm.com_support_docview.wss-3Fuid-3Dswg21975957=AwIFAg

Fixing level for ASNODENAME vulnerability

We are trying to figure out how to deal with the bug described in http://www-01.ibm.com/support/docview.wss?uid=swg21975957. The document at that URL includes a table with information about the availability of fixes for various server code levels. The row for TSM 6.3 has a cell stating that the