Detections
Analytics

IBM Tivoli Storage Manager < 5.2.5.4/5.3.6.6/5.4.2.7/5.5.2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 5016

Synopsis

The remote host is vulnerable to multiple attack vectors

Description

The remote host is running the IBM Tivoli Storage Manager.

This version of TSM is reported vulnerable to multiple remote buffer overflows. An attacker, exploiting these flaws, would be able to execute arbitrary code on the remote system. In addition, the application is vulnerable to a flaw wherein attackers may be able to access confidential data on the remote system. Lastly, a vulnerability exists wherein attackers can execute man-in-the-middle attacks against the Windows and AIX SSL client.

Solution

The vendor has released versions 5.2.5.4, 5.3.6.6, 5.4.2.7, and 5.5.2 to address these issues

Plugin Details

Severity: High

ID: 5016

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (IBM Tivoli Storage Manager Express RCA Service Buffer Overflow)

Reference Information

CVE: CVE-2008-4828

BID: 34803