Detections
Analytics
IBM Tivoli Storage Manager FastBack 5.5.x / 6.1.x < 6.1.12.2 Multiple Vulnerabilities
critical Nessus Plugin ID 89788
Language:
Synopsis
The remote backup service is affected by multiple vulnerabilities.Description
The version of IBM Tivoli Storage Manager FastBack running on the remote host is 5.5.x or 6.1.x prior to 6.1.12.2. It is, therefore, affected by multiple vulnerabilities :- Multiple buffer overflow conditions exist in server command processing due to improper bounds checking of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a buffer overflow, resulting in a denial of service or the execution of arbitrary code with system privileges. (CVE-2015-8519, CVE-2015-8520, CVE-2015-8521, CVE-2015-8522)
- A denial of service vulnerability exists that allows an unauthenticated, remote attacker to shut down the service via a specially crafted TCP packet.
(CVE-2015-8523)
Solution
Upgrade to IBM Tivoli Storage Manager FastBack version 6.1.12.2 or later.See Also
Plugin Details
Severity: Critical
ID: 89788
File Name: ibm_tsm_fastback_server_6_1_12_2.nasl
Version: 1.7
Type: remote
Family: General
Published: 3/9/2016
Updated: 11/20/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2015-8522
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:tivoli_storage_manager_fastback
Required KB Items: IBM Tivoli Storage Manager FastBack Server, Services/tsm-fastback
Exploit Ease: No known exploits are available
Patch Publication Date: 3/1/2016
Vulnerability Publication Date: 3/1/2016
Reference Information
CVE: CVE-2015-8519, CVE-2015-8520, CVE-2015-8521, CVE-2015-8522, CVE-2015-8523
BID: 84161, 84163, 84164, 84166, 84167
IAVB: 2016-B-0045