IBM Tivoli Storage Manager FastBack 5.5.x / 6.1.x < Multiple Vulnerabilities

High Nessus Plugin ID 89788


The remote backup service is affected by multiple vulnerabilities.


The version of IBM Tivoli Storage Manager FastBack running on the remote host is 5.5.x or 6.1.x prior to It is, therefore, affected by multiple vulnerabilities:

- Multiple buffer overflow conditions exist in server command processing due to improper bounds checking of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a buffer overflow, resulting in a denial of service or the execution of arbitrary code with system privileges. (CVE-2015-8519, CVE-2015-8520, CVE-2015-8521, CVE-2015-8522)

- A denial of service vulnerability exists that allows an unauthenticated, remote attacker to shut down the service via a specially crafted TCP packet.


Upgrade to IBM Tivoli Storage Manager FastBack version or later.

Plugin Details

Severity: High

ID: 89788

File Name: ibm_tsm_fastback_server_6_1_12_2.nasl

Version: 1.7

Type: remote

Family: General

Published: 2016/03/09

Updated: 2019/11/20

Dependencies: 11936, 83300

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2015-8522

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_fastback

Required KB Items: IBM Tivoli Storage Manager FastBack Server, Services/tsm-fastback

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/03/01

Vulnerability Publication Date: 2016/03/01

Reference Information

CVE: CVE-2015-8519, CVE-2015-8520, CVE-2015-8521, CVE-2015-8522, CVE-2015-8523

BID: 84161, 84163, 84164, 84166, 84167

IAVB: 2016-B-0045