CVE-2010-3756Improper Input Validation in IBM Tivoli Storage Manager Fastback

CWE-20Improper Input Validation3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 27.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Storage Manager Fastback
Timeline
PublishedOct 5
Latest updateMay 14

Description

The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-3xpw-r9fx-85m3: The _CalcHashValueWithLength function in FastBackServer2022-05-14
CVEList
CVE-2010-3756: The _CalcHashValueWithLength function in FastBackServer2010-10-05
CVE-2010-3756 — Improper Input Validation in IBM | cvebase