IBM Tivoli Storage Manager FastBack Demo package on the Web contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
CVEID: CVE-2016-5934
DESCRIPTION: IBM Tivoli Storage Manager FastBack Demo package on the web could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim’s path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim.
CVSS Base Score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115819 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
FastBack Demo package on the Web page (option 4)
https://www.ibm.com/marketing/iwm/tnd/featured.jsp?pgel=featdnld
FastBack | Platform | Link to fix
---|---|---
FastBack Demo package on the Web | Windows | The affected FastBack demo was removed from the following web page: https://www.ibm.com/marketing/iwm/tnd/featured.jsp?pgel=featdnld
None