An improperly formatted SELECT command to an IBM Tivoli Storage Manager (IBM Spectrum Protect) Server can cause a buffer overflow that could allow an attacker to execute arbitrary code on the server.
CVEID: CVE-2016-8998
DESCRIPTION: IBM Tivoli Storage Manager Server could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119310 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels:
Note that this vulnerability has been fixed in 8.1.0.0.
| Tivoli Storage Manager Server Release | Fixing VRM Level | Platform | Link to Fix / Fix Availability Target |
|---|---|---|---|
| 7.1 | 7.1.7.100 | AIX, HP-UX, Linux, Solaris, Windows | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Storage+Manager&release=7.1.7.100&platform=All&function=all |
None