CVE-2015-0119 — Improper Access Control in IBM Tivoli Storage Manager Fastback

CWE-284 — Improper Access Control CWE-611 — XML External Entity (XXE) Injection5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Manager Fastback

Timeline

PublishedApr 6

Latest updateMay 17

Description

FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/tivoli_storage_manager_fastback6.1.11.0+6

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-657g-vhpr-8xv5: FastBack Mount in IBM Tivoli Storage Manager FastBack 6↗2022-05-17

▶

CVEList

CVE-2015-0119: FastBack Mount in IBM Tivoli Storage Manager FastBack 6↗2015-04-06

▶

📋Vendor Advisories

Red Hat

perl-XML-LibXML: "expand_entities" option was not preserved under some circumstances↗2015-04-23

▶

💬Community

Bugzilla

CVE-2015-3451 perl-XML-LibXML: "expand_entities" option was not preserved under some circumstances↗2015-04-28

▶