CVE-2007-4348

medium

Description

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/38125

http://www.vupen.com/english/advisories/2007/3635

http://www.securitytracker.com/id?1018868

http://www.securityfocus.com/bid/26221

http://secunia.com/secunia_research/2007-75/advisory

http://secunia.com/advisories/27013

Details

Source: Mitre, NVD

Published: 2007-10-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00463