IBM TSM for Virtual Environments 6.4.x < 6.4.3.4 / 7.1.x < 7.1.6.0 RCE

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A backup application installed on the remote host is affected by a
remote command execution vulnerability.

Description :

The version of IBM Tivoli Storage Manager (TSM) for Virtual
Environments installed on the remote host is 6.4.x prior to 6.4.3.4 or
7.1.x prior to 7.1.6.0. It is, therefore, affected by an unspecified
flaw in the GUI that allows an authenticated, remote attacker in
limited cases to exercise certain commands that require administrative
credentials without having these credentials.

See also :

http://www.ibm.com/support/docview.wss?uid=swg21988781

Solution :

Upgrade to Tivoli Storage Manager for Virtual Environments version
6.4.3.4 / 7.1.6.0 or later.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 93127 ()

Bugtraq ID:

CVE ID: CVE-2016-2988

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now