CVE-2009-1520 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Tivoli Storage Manager Client

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.1%

top 21.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager Client IBM Tivoli Storage Manager Express

Timeline

PublishedMay 5

Latest updateMay 2

Description

Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDibm/tivoli_storage_manager_client16 versions+15

▶NVDibm/tivoli_storage_manager_express5.3, 5.3.3.0, 5.3.6.4+2

🔴Vulnerability Details

GHSA

GHSA-rh7m-g8cv-v2jg: Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5↗2022-05-02

▶

CVEList

CVE-2009-1520: Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5↗2009-05-05

▶