Lucene search

[email protected]NVD:CVE-2007-4348

HistoryOct 30, 2007 - 7:46 p.m.

CVE-2007-4348

2007-10-3019:46:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

Affected configurations

Nvd

Node

ibmtivoli_storage_manager_clientRange≤5.3.5.3windows

ibmtivoli_storage_manager_clientRange≤5.4.1.2windows

VendorProductVersionCPE
ibmtivoli_storage_manager_client*cpe:2.3:a:ibm:tivoli_storage_manager_client:*:*:windows:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_storage_manager_client	*	cpe:2.3:a:ibm:tivoli_storage_manager_client:::windows:::::*

References

secunia.com/advisories/27013

secunia.com/secunia_research/2007-75/advisory

www.securityfocus.com/bid/26221

www.securitytracker.com/id?1018868

www.vupen.com/english/advisories/2007/3635

exchange.xforce.ibmcloud.com/vulnerabilities/38125

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

Related for NVD:CVE-2007-4348

prion1 cve1 cvelist1 securityvulns2