IBM TSM for Virtual Environments 6.3.x < 6.3.2.5 / 6.4.x < 6.4.3.1 / 7.1.x < 7.1.3.0 XSS

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

A backup application installed on the remote host is affected by a
cross-site scripting vulnerability.

Description :

The version of IBM Tivoli Storage Manager (TSM) for Virtual
Environments installed on the remote host is 6.3.x prior to 6.3.2.5,
6.4.x prior to 6.4.3.1, or 7.1.x prior to 7.1.3.0. It is, therefore,
affected by a cross-site scripting (XSS) vulnerability due to improper
validation of input before returning it to users. An unauthenticated,
remote attacker can exploit this, via a specially crafted link, to
execute script code in the user's browser session.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21967532

Solution :

Upgrade to Tivoli Storage Manager for Virtual Environments version
6.3.2.5 / 6.4.3.1 / 7.1.3.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 86324

Bugtraq ID: 76947

CVE ID: CVE-2015-1988
