CVE-2007-4348 — Cross-site Scripting in IBM Tivoli Storage Manager Client

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 34.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager Client

Timeline

PublishedOct 30

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_storage_manager_client5.3.5.3+1

🔴Vulnerability Details

GHSA

GHSA-pmmx-wv98-xg9f: Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5↗2022-05-01

▶

CVEList

CVE-2007-4348: Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5↗2007-10-30

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-12-19

▶

💬Community

Bugzilla

CVE-2005-4348 security flaw↗2018-08-16

▶