CVE-2010-3759 — Code Injection in IBM Tivoli Storage Manager Fastback

CWE-94 — Code Injection3 documents3 sources

Severity

10.0CRITICALNVD

CNA7.5

EPSS

6.7%

top 8.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager Fastback

Timeline

PublishedOct 5

Latest updateMay 14

Description

FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests. NOTE: this might overlap CVE-2010-3058.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/tivoli_storage_manager_fastback10 versions+9

🔴Vulnerability Details

GHSA

GHSA-mcm4-fv4w-h3q4: FastBackMount↗2022-05-14

▶

CVEList

CVE-2010-3759: FastBackMount↗2010-10-05

▶