CVE-2010-3758 — Code Injection in IBM Tivoli Storage Manager Fastback

CWE-94 — Code Injection3 documents3 sources

Severity

10.0CRITICALNVD

CNA7.5

EPSS

35.4%

top 2.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager Fastback

Timeline

PublishedOct 5

Latest updateMay 14

Description

Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka Act…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/tivoli_storage_manager_fastback10 versions+9

🔴Vulnerability Details

GHSA

GHSA-5mvg-7mqq-mfx7: Multiple stack-based buffer overflows in FastBackServer↗2022-05-14

▶

CVEList

CVE-2010-3758: Multiple stack-based buffer overflows in FastBackServer↗2010-10-05

▶