Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4880: Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Tivoli Storage Manager Client

Severity: 10.0 CRITICAL (NVD)
EPSS: 88.9% (top 0.48%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Sep 28; latest update May 1

Description

Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

Patches

Vulnerability Details (2)

GHSA: GHSA-x7wp-f8qv-9jfv: Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad (2022-05-01)
CVEList: CVE-2007-4880: Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad (2007-09-28)

Exploits & PoCs (3)

Exploit-DB: IBM Tivoli Storage Manager Express CAD Service - Remote Buffer Overflow (Metasploit) (2) (2010-05-09)
Exploit-DB: IBM Tivoli Storage Manager 5.3 - Express CAD Service Buffer Overflow (2007-10-27)
Exploit-DB: μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow (2007-02-12)