IBM TSM for Virtual Environments 6.3.x < 188.8.131.52 / 6.4.x < 184.108.40.206 / 7.1.x < 220.127.116.11 XSS
Medium Nessus Plugin ID 86324
SynopsisA backup application installed on the remote host is affected by a cross-site scripting vulnerability.
DescriptionThe version of IBM Tivoli Storage Manager (TSM) for Virtual Environments installed on the remote host is 6.3.x prior to 18.104.22.168, 6.4.x prior to 22.214.171.124, or 7.1.x prior to 126.96.36.199. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted link, to execute script code in the user's browser session.
SolutionUpgrade to Tivoli Storage Manager for Virtual Environments version 188.8.131.52 / 184.108.40.206 / 220.127.116.11 or later.