CVE-2010-3757 — OS Command Injection in IBM Tivoli Storage Manager Fastback

CWE-78 — OS Command Injection4 documents4 sources

Severity

10.0CRITICALNVD

CNA7.5

EPSS

6.7%

top 8.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager Fastback

Timeline

PublishedOct 5

Latest updateMay 14

Description

Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. NOTE: this might overlap CVE-2010-3059.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/tivoli_storage_manager_fastback10 versions+9

🔴Vulnerability Details

GHSA

GHSA-9f8x-24h4-4p65: Format string vulnerability in the _Eventlog function in FastBackServer↗2022-05-14

▶

CVEList

CVE-2010-3757: Format string vulnerability in the _Eventlog function in FastBackServer↗2010-10-05

▶

💥Exploits & PoCs

Exploit-DB

Google Appliance ProxyStyleSheet - Command Execution (Metasploit)↗2010-07-01

▶