CVE-2015-4951Improper Input Validation in IBM Tivoli Storage Manager

CWE-20Improper Input Validation3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.5%
top 32.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Storage Manager
Timeline
PublishedJan 20
Latest updateMay 17

Description

Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDibm/tivoli_storage_manager6 versions+5

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-h8pw-97xw-5hhc: Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 52022-05-17
CVEList
CVE-2015-4951: Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 52016-01-20
CVE-2015-4951 — Improper Input Validation in IBM | cvebase