IBM Tivoli Storage Manager FastBack is affected by multiple security vulnerabilities such as stack-based buffer overflow, command injection and remote code execution. These vulnerabilities may cause the server to crash, elevate privileges, or disclose information.
**CVEID:** CVE-2015-4931
**DESCRIPTION:** IBM Tivoli Storage Manager FastBack server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending a crafted packet an attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104161> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
**CVEID:** CVE-2015-4932
**DESCRIPTION:** IBM Tivoli Storage Manager FastBack server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending a crafted packet an attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104162> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
**CVEID:** CVE-2015-4933
**DESCRIPTION:** IBM Tivoli Storage Manager FastBack server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending a crafted packet an attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104163> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
**CVEID:** CVE-2015-4934
**DESCRIPTION:** IBM Tivoli Storage Manager FastBack server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending a crafted packet an attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104164> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
**CVEID:** CVE-2015-4935
**DESCRIPTION:** IBM Tivoli Storage Manager FastBack server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending a crafted packet an attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104165> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
IBM Tivoli Storage Manager FastBack 6.1.0.0 through 6.1.12.0

| FastBack Release | First Fixing VRMF Level | Platform | APAR | Link to fix |
|---|---|---|---|---|
| 6.1 | 6.1.12.1 | Windows | None | http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack&fixids=6.1.12.1-TIV-TSMFB-FP001&source=SAR&function=fixId&parent=ibm/Tivoli |
None
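
For triage, the sketch below shows how the CVSS v2 vector listed for each CVE produces the base score of 10, and checks an installed FastBack server version against the affected range stated above. It is an added example, not part of the IBM bulletin; the function names are hypothetical, the metric weights are the standard CVSS v2 values, and the version string is assumed to be four dot-separated numbers.

```python
# Added example (not from the bulletin): CVSS v2 base score + affected-range check.
# Metric weights are the standard CVSS v2 values; function names are hypothetical.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},   # Access Vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},    # Access Complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},   # Authentication
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},    # Confidentiality impact
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},    # Integrity impact
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},    # Availability impact
}

def cvss2_base(vector):
    """Return the CVSS v2 base score for a vector like (AV:N/AC:L/Au:N/C:C/I:C/A:C)."""
    parts = dict(item.split(":", 1) for item in vector.strip("()").split("/"))
    if set(parts) != set(WEIGHTS):
        raise ValueError("expected exactly the six base metrics: %r" % vector)
    try:
        w = {metric: WEIGHTS[metric][value] for metric, value in parts.items()}
    except KeyError as exc:
        raise ValueError("unknown metric value %s in %r" % (exc, vector))
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)

# Range from the bulletin: 6.1.0.0 through 6.1.12.0; first fixing level is 6.1.12.1.
AFFECTED_FIRST = (6, 1, 0, 0)
AFFECTED_LAST = (6, 1, 12, 0)

def is_affected(version):
    """True if a V.R.M.F version string falls inside the bulletin's affected range.

    Versions outside the range are simply not covered by this bulletin.
    """
    fields = tuple(int(p) for p in version.strip().split("."))
    if len(fields) != 4:
        raise ValueError("expected four numeric fields (V.R.M.F): %r" % version)
    return AFFECTED_FIRST <= fields <= AFFECTED_LAST

if __name__ == "__main__":
    print("base score:", cvss2_base("(AV:N/AC:L/Au:N/C:C/I:C/A:C)"))
    # Constructed sample inventory values, not taken from any real host.
    for installed in ("6.1.0.0", "6.1.11.3", "6.1.12.0", "6.1.12.1"):
        print(installed, "affected" if is_affected(installed) else "not in affected range")
```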