CVE-2007-4348
Published: 2007-10-30
CVE-2007-4348: Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers…
Priority: P418 · Severity: medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.22% (65.0th percentile)
Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | tivoli_storage_manager_client | <= 5.3.5.3 | — |
| ibm | tivoli_storage_manager_client | <= 5.4.1.2 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 7.8 | HIGH | — |
GHSA
GHSA-pmmx-wv98-xg9f (ghsa_unreviewed · 2022-05-01 · CVE-2007-4348 · MEDIUM · CWE-79): Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5
Red Hat
CVE-2005-4348 [HIGH] security flaw (vendor_redhat · 2005-12-19 · CVSS 7.8)
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this issue:
http://rhn.redhat.com/errata/RHSA-2007-0018.html
This issue did not affect Red Hat Enterprise Linux 2.1 and 3.
No detection rules found.
No public exploits indexed.
References
http://secunia.com/advisories/27013
http://secunia.com/secunia_research/2007-75/advisory
http://www.securityfocus.com/bid/26221
http://www.securitytracker.com/id?1018868
http://www.vupen.com/english/advisories/2007/3635
https://exchange.xforce.ibmcloud.com/vulnerabilities/38125