cbcvebase.
CVE-2007-4348
published 2007-10-30

CVE-2007-4348: Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers…

PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.22%
65.0th percentile
Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

Affected

2 ranges
VendorProductVersion rangeFixed in
ibmtivoli_storage_manager_client<= 5.3.5.3
ibmtivoli_storage_manager_client<= 5.4.1.2

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.