IBMC071EB44A0014676F150BBF76D6A0333DCF0F173B754DDC9AA9D4F7518CD9F4BSecurity Bulletin: IBM Tivoli Storage Manager FastBack Server Opcode 1332 Directory Traversal Remote Code Execution Vulnerability (CVE-2015-1942)
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.8%
Summary
An attacker can force IBM Tivoli Storage Manager FastBack Server to write arbitrary data to an arbitrary file under the privilege of SYSTEM.
Vulnerability Details
CVEID: CVE-2015-1942**
DESCRIPTION:** IBM Tivoli Storage Manager FastBack could allow a remote attacker to write and execute a file on the system by sending a specially crafted packet to a specific TCP port.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103137> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected Products and Versions
IBM Tivoli Storage Manager FastBack Server 6.1.11.1 and earlier
Remediation/Fixes
_FastBack Release _
| First FixingVRMF Level| Platfom| APAR| Link to fix
—|—|—|—|—
6.1 | 6.1.12| Windows| None| <http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack>
Workarounds and Mitigations
none
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | tivoli_storage_manager_fastback | 6.1 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.1 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.1:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.2 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.2:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.3 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.3:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.4 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.4:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.5 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.5:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.6 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.6:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.7 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.7:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.8 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.8:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.9 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.9:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.8%