Lucene search

K
cve[email protected]CVE-2010-3754
HistoryOct 05, 2010 - 10:00 p.m.

CVE-2010-3754

2010-10-0522:00:06
CWE-78
web.nvd.nist.gov
15
cve-2010-3754
ibm tivoli storage manager
tsm fastback
remote code execution
arbitrary code execution
vulnerability

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.3%

The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059.

Affected configurations

NVD
Node
ibmtivoli_storage_manager_fastbackMatch5.5.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.1
OR
ibmtivoli_storage_manager_fastbackMatch5.5.2
OR
ibmtivoli_storage_manager_fastbackMatch5.5.2.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.3.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.4.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.5.0
OR
ibmtivoli_storage_manager_fastbackMatch5.5.6.0
OR
ibmtivoli_storage_manager_fastbackMatch6.1.0.0
OR
ibmtivoli_storage_manager_fastbackMatch6.1.0.1

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.3%

Related for CVE-2010-3754