CVE-2010-3754: OS Command Injection in IBM Tivoli Storage Manager FastBack

Severity
NVD: 10.0 CRITICAL
CNA: 7.5
EPSS
6.2%
top 9.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 5
Latest update: May 14

Description

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

Vulnerability Details (2)

GHSA
GHSA-j3q3-5985-p58m: The FXCLI_OraBR_Exec_Command function in FastBackServer (2022-05-14)
CVEList
CVE-2010-3754: The FXCLI_OraBR_Exec_Command function in FastBackServer (2010-10-05)