IBM TSM for Virtual Environments 6.3.x < / 6.4.x < / 7.1.x < XSS

Medium Nessus Plugin ID 86324


A backup application installed on the remote host is affected by a cross-site scripting vulnerability.


The version of IBM Tivoli Storage Manager (TSM) for Virtual Environments installed on the remote host is 6.3.x prior to, 6.4.x prior to, or 7.1.x prior to It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted link, to execute script code in the user's browser session.


Upgrade to Tivoli Storage Manager for Virtual Environments version / / or later.

See Also

Plugin Details

Severity: Medium

ID: 86324

File Name: tivoli_storage_manager_virtual_environments_vmware_CVE-2015-1988.nasl

Version: $Revision: 1.8 $

Type: local

Family: Misc.

Published: 2015/10/09

Modified: 2017/02/16

Dependencies: 86326, 86327

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 4.7

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_for_virtual_environments, cpe:/a:ibm:spectrum_protect_for_virtual_environments, cpe:/a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware

Required KB Items: installed_sw/Tivoli Storage Manager for Virtual Environments

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/09/30

Vulnerability Publication Date: 2015/09/30

Reference Information

CVE: CVE-2015-1988

BID: 76947

OSVDB: 128354