CVSS2 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |

AI Score confidence: Low
EPSS percentile: 99.6%

Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_storage_manager_client | 5.1 | cpe:2.3:a:ibm:tivoli_storage_manager_client:5.1:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_client | 5.1.8.0 | cpe:2.3:a:ibm:tivoli_storage_manager_client:5.1.8.0:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_client | 5.2 | cpe:2.3:a:ibm:tivoli_storage_manager_client:5.2:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_client | 5.2.5.1 | cpe:2.3:a:ibm:tivoli_storage_manager_client:5.2.5.1:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_client | 5.3 | cpe:2.3:a:ibm:tivoli_storage_manager_client:5.3:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_client | 5.3.5.2 | cpe:2.3:a:ibm:tivoli_storage_manager_client:5.3.5.2:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_client | 5.4 | cpe:2.3:a:ibm:tivoli_storage_manager_client:5.4:*:*:*:*:*:*:* |
ibm | tivoli_storage_manager_client | 5.4.1.1 | cpe:2.3:a:ibm:tivoli_storage_manager_client:5.4.1.1:*:*:*:*:*:*:* |
osvdb.org/38161
secunia.com/advisories/26883
securityreason.com/securityalert/3184
www-1.ibm.com/support/docview.wss?uid=swg21268775
www-1.ibm.com/support/search.wss?rs=0&q=IC52905&apar=only
www.securityfocus.com/archive/1/480492
www.securityfocus.com/bid/25743
www.securitytracker.com/id?1018725
www.vupen.com/english/advisories/2007/3228
www.zerodayinitiative.com/advisories/ZDI-07-054.html
exchange.xforce.ibmcloud.com/vulnerabilities/36700