IBM Tivoli Storage Manager vulnerabilities
49 known vulnerabilities affecting ibm/tivoli_storage_manager.
Total CVEs: 49
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown
CRITICAL 7, HIGH 18, MEDIUM 15, LOW 9
Vulnerabilities
Page 2 of 3
CVE-2015-4951 | MEDIUM | CVSS 5.3 | CWE-20 | v5.5, v6.1, +4 more | 2016-01-20
Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.
nvd
CVE-2015-4927 | HIGH | CVSS 7.2 | CWE-264 | v6.3.3, v6.3.4, +5 more | 2015-11-04
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
nvd
CVE-2014-4818 | LOW | CVSS 2.1 | CWE-200 | v5.4.0, v5.5, +11 more | 2015-02-24
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors.
nvd
CVE-2014-6184 | HIGH | CVSS 7.2 | CWE-787 | ≥ 5.4.0, ≤ 5.4.3.6; ≥ 5.5.0, ≤ 5.5.4.3; +3 more | 2015-02-22
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.
nvd
CVE-2014-6195 | LOW | CVSS 1.9 | CWE-284 | v7.1, v5.5, +5 more | 2015-02-14
The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before
nvd
CVE-2014-6185 | HIGH | CVSS 7.2 | CWE-264 | v6.3.0, v6.3.0.5, +20 more | 2015-02-13
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
nvd
CVE-2014-4813 | MEDIUM | CVSS 6.9 | CWE-362 | v5.4.1, v5.4.2, +41 more | 2015-02-13
Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors.
nvd
CVE-2014-4817 | LOW | CVSS 2.1 | CWE-264 | v5.1.0, v5.1.1, +82 more | 2014-11-18
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.
nvd
CVE-2013-6335 | LOW | CVSS 3.3 | CWE-281 | ≥ 5.1, < 6.2.5.3; ≥ 6.3.0, < 6.3.2; +3 more | 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass i
nvd
CVE-2014-0876 | LOW | CVSS 2.1 | CWE-119 | v5.4.0, v5.5.0, +4 more | 2014-08-17
Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors.
nvd
CVE-2013-5371 | LOW | CVSS 2.1 | CWE-264 | v6.3.1, v6.4.0 | 2014-01-23
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
nvd
CVE-2013-2964 | HIGH | CVSS 7.2 | CWE-119 | v6.3.0, v6.3.0.17, +62 more | 2013-10-04
Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.
nvd
CVE-2013-0472 | MEDIUM | CVSS 5.1 | ≤ 6.2.4.4, v3.1.0, +63 more | 2013-02-21
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.
nvd
CVE-2013-0471 | MEDIUM | CVSS 4.3 | ≤ 6.2.4.4, v3.1.0, +63 more | 2013-02-21
The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors.
nvd
CVE-2011-1222 | HIGH | CVSS 7.2 | CWE-119 | ≤ 5.4.3.3, v4.2, +30 more | 2011-07-17
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors.
nvd
CVE-2011-1223 | HIGH | CVSS 7.2 | CWE-119 | ≤ 5.4.3.3, v4.2, +30 more | 2011-07-17
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.
nvd
CVE-2010-4604 | HIGH | CVSS 7.2 | PoC | CWE-787 | ≥ 5.3.0, ≤ 5.3.6.7; ≥ 5.4.0, ≤ 5.4.3.3; +2 more | 2010-12-29
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LAN
nvd
CVE-2010-4606 | HIGH | CVSS 7.5 | ≥ 5.4.0, < 5.4.3.4; ≥ 5.5.0, < 5.5.3; +2 more | 2010-12-29
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulner
nvd
CVE-2010-4605 | MEDIUM | CVSS 6.6 | v5.3.0, v5.3.1, +26 more | 2010-12-29
Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors.
nvd
CVE-2009-3854 | CRITICAL | CVSS 10.0 | CWE-119 | v5.2.5.3, v5.3, +16 more | 2009-11-04
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd