125 results (0.089 seconds)

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 2

The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer ** NO COMPATIBLE CUANDO SE ASIGNO ** El parámetro "id" de IBM Tivoli Storage Manager Versión 5 Release 2 (Interfaz Administrativa de Línea de Comandos, dsmadmc.exe) es vulnerable a un desbordamiento del búfer de la pila explotable. Nota: la vulnerabilidad puede ser explotada cuando es usado en modo "interactive" mientras que, debido a una limitación del número máximo de caracteres, no puede ser explotado en el uso por lotes o en la línea de comandos (por ejemplo, dsmadmc.exe -id=username -password=pwd) . NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor • https://github.com/VoidSec/Exploit-Development/blob/master/windows/x86/local/IBM_ITSM_Administrator_Client_v.5.2.0.1/IBM_TSM_v.5.2.0.1_exploit.py https://voidsec.com/tivoli-madness/#IBM_Tivoli_Storage_Manager • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871. Los procesos dsmc y dsmcad de IBM Spectrum Protect 7.1 y 8.1 acumulan incorrectamente sockets TCP/IP en un estado CLOSE_WAIT. Esto puede provocar el filtrado del recurso TCP/IP y podría resultar en una denegación de servicio (DoS). • http://www.ibm.com/support/docview.wss?uid=ibm10738765 http://www.securityfocus.com/bid/105940 https://exchange.xforce.ibmcloud.com/vulnerabilities/148871 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696. IBM Spectrum Protect 7.1 y 8.1 podría permitir que un usuario local corrompa o elimine información altamente sensible que provocaría una denegación de servicio (DoS) en otros usuarios. IBM X-Force ID: 142696. • http://www.ibm.com/support/docview.wss?uid=ibm10719401 https://exchange.xforce.ibmcloud.com/vulnerabilities/142696 • CWE-269: Improper Privilege Management •

CVSS: 5.5EPSS: 0%CPEs: 62EXPL: 0

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163. IBM Spectrum Protect 7.1 y 8.1 podría permitir que un atacante local realice un ataque symlink. • http://www.ibm.com/support/docview.wss?uid=swg22006248 http://www.securityfocus.com/bid/101107 https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 62EXPL: 0

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875. IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) revela las credenciales sin cifrar de inicio de sesión de Vmware vCenter en la salida de la traza de la aplicación, las cuales las puede obtener un usuario local. IBM X-Force ID: 126875. • http://www.ibm.com/support/docview.wss?uid=swg22006215 https://exchange.xforce.ibmcloud.com/vulnerabilities/126875 • CWE-522: Insufficiently Protected Credentials •