Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4828Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Tivoli Storage Manager Client

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
77.4%
top 1.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
IBM Tivoli Storage Manager ClientIBM Tivoli Storage Manager Express
Timeline
PublishedMay 5
Latest updateMay 14

Description

Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest reque

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDibm/tivoli_storage_manager_express5.3, 5.3.3.0, 5.3.6.4+2

Patches

Patch: www-01.ibm.comPatch: www-1.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-gcq2-fc8w-fh67: Multiple stack-based buffer overflows in dsmagent2022-05-14
CVEList
CVE-2008-4828: Multiple stack-based buffer overflows in dsmagent2009-05-05

💥Exploits & PoCs

1
Exploit-DB
IBM Tivoli Storage Manager Express RCA Service - Remote Buffer Overflow (Metasploit)2010-05-09
CVE-2008-4828 — IBM vulnerability | cvebase