CVE-2014-6185 — IBM Tivoli Storage Manager vulnerability

CWE-2643 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 84.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager

Timeline

PublishedFeb 13

Latest updateMay 17

Description

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/tivoli_storage_manager22 versions+21

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-jgcp-jggp-p78x: dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6↗2022-05-17

▶

CVEList

CVE-2014-6185: dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6↗2015-02-13

▶