IBM Tivoli Storage Manager FastBack is affected by multiple security vulnerabilities, such as stack-based buffer overflows and denial of service. These vulnerabilities may cause the server to crash.
CVEID: CVE-2015-8519
DESCRIPTION: IBM Tivoli Storage Manager FastBack Server is vulnerable to a buffer overflow, caused by improper bounds checking in server command processing. A remote attacker could overflow a buffer and execute arbitrary code on the system with system privileges or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108936 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-8520
DESCRIPTION: IBM Tivoli Storage Manager FastBack Server is vulnerable to a buffer overflow, caused by improper bounds checking in server command processing. A remote attacker could overflow a buffer and execute arbitrary code on the system with system privileges or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108937 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-8521
DESCRIPTION: IBM Tivoli Storage Manager FastBack Server is vulnerable to a buffer overflow, caused by improper bounds checking in server command processing. A remote attacker could overflow a buffer and execute arbitrary code on the system with system privileges or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108938 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-8522
DESCRIPTION: IBM Tivoli Storage Manager FastBack Server is vulnerable to a buffer overflow, caused by improper bounds checking in server command processing. A remote attacker could overflow a buffer and execute arbitrary code on the system with system privileges or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108939 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-8523
DESCRIPTION: IBM Tivoli Storage Manager FastBack Server is vulnerable to a denial of service. An attacker can send specially crafted packets to the target’s TCP port, which would result in a shutdown of the service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108943 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM Tivoli Storage Manager FastBack 6.1.0.0 through 6.1.12.1.
IBM Tivoli Storage Manager FastBack 5.5 all levels
| FastBack Release | First Fixing VRMF Level | Platform | APAR | Link to fix |
|---|---|---|---|---|
| 6.1 | 6.1.12.2 | Windows | None | <http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack> |
For FastBack 5.5, IBM recommends upgrading to a fixed, supported version of FastBack (6.1.12.2).
None
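
The affected ranges and first fixing level listed above can be applied to a server inventory. The following is an added example, not IBM code: it classifies FastBack version strings against this bulletin. The hostnames and inventory are constructed, and it assumes that 6.1 levels above 6.1.12.2 also carry the fix and that releases other than 5.5 and 6.1 are simply not covered by this bulletin.

```python
# Added example: triage FastBack versions against this bulletin's ranges.
import re

FIRST_FIXED = (6, 1, 12, 2)   # first fixing VRMF level from the bulletin table

def parse_vrmf(text):
    """Parse 'V.R.M.F' (missing trailing fields count as 0) into a 4-tuple."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"not a VRMF version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version):
    """Return 'affected', 'fixed', or 'not-listed' for a FastBack version."""
    v = parse_vrmf(version)
    if v[:2] == (5, 5):
        return "affected"        # 5.5: all levels; the remedy is an upgrade
    if v[:2] == (6, 1):
        # 6.1.0.0 through 6.1.12.1 are affected; assumption: later levels
        # in the 6.1 stream include the 6.1.12.2 fix.
        return "affected" if v < FIRST_FIXED else "fixed"
    return "not-listed"          # the bulletin makes no statement

def triage(inventory):
    """Map {host: version} to {host: status}; bad entries are flagged."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsable"   # needs a manual look
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fb-srv-01": "6.1.12.1",
    "fb-srv-02": "6.1.12.2",
    "fb-srv-03": "5.5.6.0",
    "fb-srv-04": "6.1",
    "fb-srv-05": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```

Hosts reported as `unparsable` or `not-listed` should be checked by hand rather than treated as safe.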