IBM Tivoli Storage Manager < Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 5016


The remote host is vulnerable to multiple attack vectors.


The remote host is running the IBM Tivoli Storage Manager.

This version of TSM is reported vulnerable to multiple remote buffer overflows. An attacker exploiting these flaws would be able to execute arbitrary code on the remote system. In addition, the application is vulnerable to a flaw that may allow attackers to access confidential data on the remote system. Lastly, a vulnerability exists that allows attackers to carry out man-in-the-middle attacks against the Windows and AIX SSL client.


The vendor has released versions,,, and 5.5.2 to address these issues.

Plugin Details

Severity: High

ID: 5016

File Name: 5016.prm

Family: CGI

Published: 2004/08/18

Modified: 2016/01/15

Dependencies: 1442, 4728

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (IBM Tivoli Storage Manager Express RCA Service Buffer Overflow)

Reference Information

CVE: CVE-2008-4828

BID: 34803