CVE-2020-28198

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.0HIGH
EPSS
0.1%
top 73.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Storage Manager
Timeline
PublishedMay 6
Latest updateMay 24

Description

The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintain

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-25qx-g7cf-9cwg: ** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc2022-05-24
CVEList
CVE-2020-28198: The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc2021-05-06
CVE-2020-28198 (HIGH CVSS 7) | The 'id' parameter of IBM Tivoli St | cvebase.io